Search for Remote Management Systems Exposed to Attack Surface Using SSL Certificate Search Feature (ssl_issuer_organization)
Among the filters of Asset Search provided by Criminal IP (hereinafter referred to as CIP) is ssl_issuer_organization. Using this filter, you can check which institution’s certificate was signed by an SSL protocol such as https. When we look at the SSL certificate of criminalip.io below, for example, “Verified by” is noted as “Sectigo Limited(formerly Comodo CA)” which implies that Comodo SSL certificate was used.
If you want to find certificates signed by Sectigo , you can search for it on Asset Search as follows. Here, we can see that hundreds of IP addresses are found since Sectigo is a prestigious certificate institution.
Criminal IP’s SSL Certificate: “Verified by” is noted as “Sectigo Limited” A result when searched IP address signed with “sectigo” certificate on Criminal IP’s Asset Search
Using the same logic, let’s search for Red Had Satellite , a remote management system that distributes, organizes, and maintains systems across physical, virtual, and cloud environments. Satellite is a simple and convenient system as it provides provisioning, remote management and monitoring for multiple Red Hat Enterprise Linux distribution, using a single centralized tool. However, it is also the system that causes the most serious problem if exposed to the attack surface because it can be controlled externally. To search for Red Hat Satellite, you can input a certificate named “Katello.”
