Re: Discovering unlogged certificates in internet-wide scans

2018-03-31 Thread Michael Casadevall via dev-security-policy
On 03/31/2018 09:53 PM, Tim Smith wrote: > On Sat, Mar 31, 2018 at 6:28 PM, Michael Casadevall via > dev-security-policy wrote: > Thanks for taking a look. My understanding of Rapid7's methodology [1, > 2] is that they knock on well-known ports. The

Re: Discovering unlogged certificates in internet-wide scans

2018-03-31 Thread Tim Smith via dev-security-policy
On Sat, Mar 31, 2018 at 6:28 PM, Michael Casadevall via dev-security-policy wrote: > Pretty interesting read, and always happy to see more information go > into CT. One thing I couldn't divine from your data was how did you look > for non-HTTPS services? Did

Re: Discovering unlogged certificates in internet-wide scans

2018-03-31 Thread Michael Casadevall via dev-security-policy
On 03/31/2018 06:14 PM, Tim Smith via dev-security-policy wrote: > Hi MDSP, > > I went looking for corpuses of certificates that may not have been > previously logged to CT and found some in the Rapid7 "More SSL" dataset, > which captures certificates from their scans of non-HTTPS ports for >

Re: Discovering unlogged certificates in internet-wide scans

2018-03-31 Thread Alex Cohn via dev-security-policy
I'm currently grabbing certs from Censys's BigQuery extracts and submitting them to the Argon logs (and Daedalus/Rocketeer for certs that fall before/after Argon's not-after range). There's a fair bit of latency in the process; I'm only running this script weekly (it costs about $4 a pop in

Re: Discovering unlogged certificates in internet-wide scans

2018-03-31 Thread Tim Smith via dev-security-policy
On Sat, Mar 31, 2018 at 3:26 PM, Kurt Roeckx wrote: > Have you done the for their other scans? I haven't. The Rapid7 HTTPS corpus is much larger; I'm not sure my approach will scale that far and I imagine the new discovery rate will be lower. Censys has been interested in

Re: Discovering unlogged certificates in internet-wide scans

2018-03-31 Thread Kurt Roeckx via dev-security-policy
On Sat, Mar 31, 2018 at 10:14:27PM +, Tim Smith via dev-security-policy wrote: > Hi MDSP, > > I went looking for corpuses of certificates that may not have been > previously logged to CT and found some in the Rapid7 "More SSL" dataset, > which captures certificates from their scans of

Discovering unlogged certificates in internet-wide scans

2018-03-31 Thread Tim Smith via dev-security-policy
Hi MDSP, I went looking for corpuses of certificates that may not have been previously logged to CT and found some in the Rapid7 "More SSL" dataset, which captures certificates from their scans of non-HTTPS ports for TLS-speaking services. I wrote up some findings at