Common Information
| Type | Value |
|---|---|
| Value |
Private Keys - T1145 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
| Description | Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures. (Citation: Wikipedia Public Key Crypto) Adversaries may gather private keys from compromised systems for use in authenticating to Remote Services like SSH or for use in decrypting other collected files such as email. Common key and certificate file extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, pfx, .cer, .p7b, .asc. Adversaries may also look in common key directories, such as <code>~/.ssh</code> for SSH keys on *nix-based systems or <code>C:\Users\(username)\.ssh\</code> on Windows. Private keys should require a password or passphrase for operation, so an adversary may also use Input Capture for keylogging or attempt to Brute Force the passphrase off-line. Adversary tools have been discovered that search compromised systems for file extensions relating to cryptographic keys and certificates. (Citation: Kaspersky Careto) (Citation: Palo Alto Prince of Persia) Detection: Monitor access to files and directories related to cryptographic keys and certificates as a means for potentially detecting access patterns that may indicate collection and exfiltration activity. Collect authentication logs and look for potentially abnormal activity that may indicate improper use of keys or certificates for remote authentication. Platforms: Linux, Windows, macOS Data Sources: File monitoring Permissions Required: User Contributors: Itzik Kotler, SafeBreach |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-17 | 1 | Digital certificates | ||
| Details | Website | 2024-11-17 | 0 | Buffer Overflow Attacks: Best Practices Against it in Cybersecurity. | ||
| Details | Website | 2024-11-16 | 1 | The Authorities Of The Internet: Understanding Certificate Authorities | ||
| Details | Website | 2024-11-15 | 2 | STOLEN NFTs RECOVERY HACKER FOR HIRE REVIEWS> BRUNOE QUICK HACK > +17057842635 | ||
| Details | Website | 2024-11-15 | 0 | Active Directory Certificate Services— Part 1 | ||
| Details | Website | 2024-11-15 | 2 | ViperSoftX: Tracking And Countering a Persistent Threat - CUJO AI | ||
| Details | Website | 2024-11-13 | 0 | Day 4: Introduction to OS Security — Offensive Security Basics | ||
| Details | Website | 2024-11-13 | 2 | PKI and CLM Insights from 2024: Preparing for a Cyber Resilient 2025 | ||
| Details | Website | 2024-11-13 | 2 | Black Alps 2024: Highlights from Switzerland Cybersecurity Ecosystem | ||
| Details | Website | 2024-11-13 | 0 | Crypto Network Security: Essential Tips To Protect Your Digital Assets In 2023 | ||
| Details | Website | 2024-11-13 | 0 | Mastering Crypto Wallet Management: Secure Your Digital Assets With Confidence | ||
| Details | Website | 2024-11-12 | 2 | "How XBANKING’s Non-Custodial Model Enhances Security and Control for DeFi Investors" | ||
| Details | Website | 2024-11-12 | 0 | S/MIME vs PGP — A Comprehensive Comparison of Email Security Protocols | ||
| Details | Website | 2024-11-12 | 3 | How to connect to an Amazon EC2 Instance | ||
| Details | Website | 2024-11-11 | 2 | computer & mobile forensics VS cybercrime | #cybercrime | #infosec | National Cyber Security Consulting | ||
| Details | Website | 2024-11-11 | 7 | Don’t Fall for these Scams, Top Tips, Tricks & Insights to Keep You Safe & Secure in Web3 — Crypto… | ||
| Details | Website | 2024-11-11 | 0 | Secret Key Exchange: Diffie-Hellman Algorithm | ||
| Details | Website | 2024-11-09 | 18 | BugBounty — Mastering the Basics (along with Resources)[Part-3] | ||
| Details | Website | 2024-11-08 | 0 | The Security Risks of Blockchain Technology | ||
| Details | Website | 2024-11-08 | 35 | Life on a crooked RedLine: Analyzing the infamous infostealer’s backend | ||
| Details | Website | 2024-11-07 | 2 | From Secure to Vulnerable: The Impact of Quantum Computing on RSA Encryption and Other Digital… | ||
| Details | Website | 2024-11-07 | 28 | What is Ryuk Ransomware? The Complete Breakdown | ||
| Details | Website | 2024-11-06 | 0 | What is a Man-in-the-Middle (MITM) Attack? : A Layman’s Guide | ||
| Details | Website | 2024-11-06 | 162 | Certik Skynet Quiz Answer | ||
| Details | Website | 2024-11-06 | 0 | Navigating DORA: Essential IT Security and Compliance Practices for Financial Institutions |