You're likely right here, combining two trust systems does add complexity without solving the core problem. While browsers requiring CT was a great step forward, it's surprisingly under-utilized by orgs. I wonder if…
I know this is an oversimplification, but if the main issue is the single point of failure (centralized trust), wouldn’t a potential solution be to layer independent verification mechanisms on top of the current system?…
Baader-Meinhof strikes again - checked this out in the morning and just caught your Citibike tweet. You're on a roll today!
[dead]
Ahhhh, that tracks, cheers mate.
Exhaustive/Robust is the way for sure. Minimizing storage was a priority for me since it's just a small side-project/automation. I've looked for information on what the hell the `flowers-to-the-world` entries are that…
I also noticed you are ingesting/storing flowers-to-the-world.com certs, not sure what stage of optimization you are at but blacklisting/ignoring these certs in my ingestion pipeline helped with avoiding storing…
Awesome, I will keep my eye on this for sure, I've spent the past few months tinkering with ingesting CT logs for bug bounty automation. Curious if you're running your own CertStream server, or just continuously polling…
Have you considered adding a monitoring feature where a user can enter a domain to be monitored and then be notified if a "similar" domain comes across the ingestion pipeline. This would be useful for early detection of…
I'd imagine it's a combination of - CT log monitoring (https://github.com/CaliDog/CertStream-Server) - Mass-Scanning across ipv4 on 80/443 at the least? - Brute-forcing subdomains on wildcards with large DNS wordlist…
You're likely right here, combining two trust systems does add complexity without solving the core problem. While browsers requiring CT was a great step forward, it's surprisingly under-utilized by orgs. I wonder if…
I know this is an oversimplification, but if the main issue is the single point of failure (centralized trust), wouldn’t a potential solution be to layer independent verification mechanisms on top of the current system?…
Baader-Meinhof strikes again - checked this out in the morning and just caught your Citibike tweet. You're on a roll today!
[dead]
[dead]
Ahhhh, that tracks, cheers mate.
Exhaustive/Robust is the way for sure. Minimizing storage was a priority for me since it's just a small side-project/automation. I've looked for information on what the hell the `flowers-to-the-world` entries are that…
I also noticed you are ingesting/storing flowers-to-the-world.com certs, not sure what stage of optimization you are at but blacklisting/ignoring these certs in my ingestion pipeline helped with avoiding storing…
Awesome, I will keep my eye on this for sure, I've spent the past few months tinkering with ingesting CT logs for bug bounty automation. Curious if you're running your own CertStream server, or just continuously polling…
Have you considered adding a monitoring feature where a user can enter a domain to be monitored and then be notified if a "similar" domain comes across the ingestion pipeline. This would be useful for early detection of…
I'd imagine it's a combination of - CT log monitoring (https://github.com/CaliDog/CertStream-Server) - Mass-Scanning across ipv4 on 80/443 at the least? - Brute-forcing subdomains on wildcards with large DNS wordlist…