TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Lobsters — security tag

Revocation of X.509 certificates

blog.apnic.net via raymii · 2026-04-25 · Read original ↗

ATT&CK techniques detected

5 predictions
T1649Steal or Forge Authentication Certificates
52%
"use a different form of revocation checks. the approach, termed ‘ crlsets ’, involves chrome using googlebots to crawl across crls and collect a set of current revocations. details are a little sparse, but many reports claim that the list of revoked certificates is then trimmed, …"
T1649Steal or Forge Authentication Certificates
47%
"another point of potential service failure is hardly a sensible move. a hard - fail framework also runs the risk of making these ocsp servers yet another point of vulnerability in a hostile denial - of - service scenario. it appears that many client applications and operating sys…"
T1552.004Private Keys
39%
"use a different form of revocation checks. the approach, termed ‘ crlsets ’, involves chrome using googlebots to crawl across crls and collect a set of current revocations. details are a little sparse, but many reports claim that the list of revoked certificates is then trimmed, …"
T1649Steal or Forge Authentication Certificates
33%
", compared to the months, years and even multiple years in web pki certificates. that means that the window of vulnerability in dnssec from a compromised key is far shorter than that of the web pki. this is the major reason why revocation is a far bigger issue in web pki certific…"
T1649Steal or Forge Authentication Certificates
32%
"from 90 days to 45 days, it was not an isolated action. as let ’ s encrypt noted in their announcement in december 2025 : “ this change is being made along with the rest of the industry, as required by the ca / browser forum baseline requirements, which set the technical requirem…"

Summary

Comments