Corey Bonnell CBonnell
CBonnell
/ gist:1f01ccd93667c37800b67e518340c606
Last active
February 23, 2019 14:10
DarkMatter-issued certificates, notBefore >= 2016-09-30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| QuoVadis | |
| "crt.sh URL(s)", notBefore, "serial number", "highest set bit", "issuer CN" | |
| "https://crt.sh/?id=85497938 (precert)", 2017-02-06, 5B:FC:72:86:43:23:99:6B, 63, "DarkMatter High Assurance CA" | |
| "https://crt.sh/?id=85497941 (precert)", 2017-02-06, 04:9E:3C:E1:F1:4B:C1:A1, 59, "DarkMatter High Assurance CA" | |
| "https://crt.sh/?id=85497942 (precert)", 2017-02-06, 3E:1D:03:8A:F2:73:F3:E9, 62, "DarkMatter High Assurance CA" | |
| "https://crt.sh/?id=85498180 (precert)", 2017-02-06, 9A:45:0C:14:16:BB:B4, 56, "DarkMatter High Assurance CA" | |
| "https://crt.sh/?id=85498184 (precert)", 2017-02-06, 79:76:12:FE:31:58:53:99, 63, "DarkMatter High Assurance CA" | |
| "https://crt.sh/?id=85498186 (precert)", 2017-02-06, 42:2A:F0:A8:25:EC:14:34, 63, "DarkMatter High Assurance CA" | |
| "https://crt.sh/?id=85283194 (precert); https://crt.sh/?id=266919536 (final)", 2017-02-06, 2F:90:D6:AA:A7:2B:D1:9D, 62, "DarkMatter High Assurance CA" | |
| "https://crt.sh/?id=85667726 (precert); https://crt.sh/?id=269941290 (final)", 2017-02-07, 1A:CD:66:B2:4B:2B:07:8 |
CBonnell
/ jurisST.txt
Last active
August 20, 2019 02:25
EV certificates, C=US with non-existent ST and jurisST RDN values
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (tags.raw:"ev" and parsed.subject.jurisdiction_country:US and parsed.subject.jurisdiction_province:* and not parsed.subject.jurisdiction_province:"Alabama" and not parsed.subject.jurisdiction_province:"AL" and not parsed.subject.jurisdiction_province:"Alaska" and not parsed.subject.jurisdiction_province:"AK" and not parsed.subject.jurisdiction_province:"Arizona" and not parsed.subject.jurisdiction_province:"AZ" and not parsed.subject.jurisdiction_province:"Arkansas" and not parsed.subject.jurisdiction_province:"AR" and not parsed.subject.jurisdiction_province:"California" and not parsed.subject.jurisdiction_province:"CA" and not parsed.subject.jurisdiction_province:"Colorado" and not parsed.subject.jurisdiction_province:"CO" and not parsed.subject.jurisdiction_province:"Connecticut" and not parsed.subject.jurisdiction_province:"CT" and not parsed.subject.jurisdiction_province:"Delaware" and not parsed.subject.jurisdiction_province:"DE" and not parsed.subject.jurisdiction_province:"Florida" and not parsed.subj |
CBonnell
/ v1 CRLs in MozillaIntermediateCerts.csv
Created
March 5, 2020 04:11
We can make this file beautiful and searchable if this error is corrected: It looks like row 6 should actually have 1 column, instead of 2. in line 5.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CRL URI: intermediate cert subject (ASN.1 version) | |
| http://g.symcb.com/crls/gtglobal.crl: /C=DE/O=CertCenter AG/OU=Domain Validated SSL/CN=AlwaysOnSSL CA - G2 (0) | |
| http://g.symcb.com/crls/gtglobal.crl: /CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US (0) | |
| http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 (0) | |
| http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 (0) | |
| http://g.symcb.com/crls/gtglobal.crl: /C=US/O=DigiCert, Inc./OU=www.digicert.com/CN=DigiCert TLS ICA GeoTrust Global (0) | |
| http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Transition RSA Root (0) | |
| http://crl.geotrust.com/crls/gtglobal.crl: /C=JP/O=NTT DOCOMO, INC./OU=GeoRoot Certification Authority/CN=DKHS Device CA (0) | |
| http://g.symcb.com/crls/gtglobal.crl: /C=JP/O=NTT DOCOMO, INC./OU=GeoRoot Certification Authority/CN=DKHS Device CA - G2 (0) | |
| http://crl.geotrust.com/crls/gtglobal.crl: /C=US/O=GeoTrust Inc |
CBonnell
/ shellcode_modulus.txt
Last active
December 5, 2021 00:03
Vanity RSA key with Windows bind shellcode in modulus
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _ _ _, __, _, _ _ _, _ _, | |
| | | / \ |_) |\ | | |\ | / _ | |
| |/\| |~| | \ | \| | | \| \ / | |
| ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ | |
| This key is extremely weak and should not be used for anything | |
| Vanity RSA-3072 key with Windows bind shellcode in modulus. DER encoding of the CSR below detected by ClamAV as a trojan: https://www.virustotal.com/gui/file/b757330297ddccd7ec1fdac846dc7a69b1e75541b53ba8b8a508b0370c7b23da/detection | |
| -----BEGIN CERTIFICATE REQUEST----- |
CBonnell
/ SHA-1 CRLs
Last active
January 18, 2022 17:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Fetch errors: | |
| HTTPConnectionPool(host='crl.comodo.net', port=80): Max retries exceeded with url: /AAACertificateServices.crl (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object | |
| at 0x0000025BA14EE0D0>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed')) | |
| 403 Client Error: Forbidden for url: http://crl.tuntrust.tn/tntrustrootca.crl | |
| HTTPConnectionPool(host='atospki', port=80): Max retries exceeded with url: /crl/Atos_TrustedRoot_CA_2011.crl (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x000001B43D5D87C0>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed')) |
CBonnell
/ gutmann_testkeys.py
Last active
March 7, 2022 14:11
Converts the private keys listed in https://datatracker.ietf.org/doc/draft-gutmann-testkeys/ to OpenSSL-consumable format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import lark | |
| import binascii | |
| from cryptography.hazmat.primitives.asymmetric import ec, rsa, dsa | |
| from cryptography.hazmat.primitives import serialization | |
| from pyasn1.codec.der.encoder import encode | |
| from pyasn1.type import univ | |
| from pyasn1.type.namedtype import NamedTypes, NamedType |
CBonnell
/ csr-attr.py
Last active
November 30, 2023 14:50
Generate a CSR Attributes with AcpNodeName in SAN
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pyasn1_alt_modules import rfc2986, rfc2985, rfc5280, rfc8994, rfc7030 | |
| from pyasn1.codec.der.encoder import encode | |
| import base64 | |
| gn = rfc5280.GeneralName() | |
| acp_name = gn['otherName'] | |
| acp_name['type-id'] = rfc8994.id_on_AcpNodeName | |
| acp_name['value'] = rfc8994.AcpNodeName('fd89b714f3db00000200000064000000+area51.research@acp.example.com') |