RUDD, Steph (2024). Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation. In: KOBUSINSKA, Anna, JACOBSSON, Andreas and CHANG, Victor, (eds.) Proceedings of the 9th International Conference on Internet of Things, Big Data and Security IoTBDS. SCITEPRESS - Science and Technology Publications, 97-106. [Book Section]
Documents
34377:715811
PDF
Rudd-RansomwareReconnaissanceInterrogating(VoR).pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.
Rudd-RansomwareReconnaissanceInterrogating(VoR).pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.
Download (193kB) | Preview
Abstract
“Got Root?” Presented herewith is an innovative approach to ransomware defence by interrogating the security certificate chain pertaining to modern website security. It is a proactive strategy to scrutinise the online resources prior to download for assessment of likelihood that ransomware may be present as a result of inconsistencies between the URL and its security certificate. OpenSSL is employed for interrogating certificate attributes, including characteristics such as domain mismatch and revocation status, through the systematic approach of certificate retrieval, parsing and validation. Whilst not a ‘silver bullet solution’ to the wider realm of ransomware attacks, this study presents a nuanced approach to suspicion detected under certificate-related vulnerabilities at a preemptive and reconnaissance stage of hazard - a necessary basis for any subsequent cyber security investigation.
More Information
Statistics
Downloads
Downloads per month over past year
Metrics
Altmetric Badge
Dimensions Badge
Share
Actions (login required)
View Item |