Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation
Steph Rudd
2024
Abstract
“Got Root?” Presented herewith is an innovative approach to ransomware defence by interrogating the security certificate chain pertaining to modern website security. It is a proactive strategy to scrutinise the online resources prior to download for assessment of likelihood that ransomware may be present as a result of inconsistencies between the URL and its security certificate. OpenSSL is employed for interrogating certificate attributes, including characteristics such as domain mismatch and revocation status, through the systematic approach of certificate retrieval, parsing and validation. Whilst not a ‘silver bullet solution’ to the wider realm of ransomware attacks, this study presents a nuanced approach to suspicion detected under certificate-related vulnerabilities at a preemptive and reconnaissance stage of hazard - a necessary basis for any subsequent cyber security investigation.
DownloadPaper Citation
in Harvard Style
Rudd S. (2024). Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation. In Proceedings of the 9th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS; ISBN 978-989-758-699-6, SciTePress, pages 97-106. DOI: 10.5220/0012710600003705
in Bibtex Style
@conference{iotbds24,
author={Steph Rudd},
title={Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation},
booktitle={Proceedings of the 9th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS},
year={2024},
pages={97-106},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012710600003705},
isbn={978-989-758-699-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 9th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS
TI - Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation
SN - 978-989-758-699-6
AU - Rudd S.
PY - 2024
SP - 97
EP - 106
DO - 10.5220/0012710600003705
PB - SciTePress