Just posted my article called "Code Signing on a Budget" which shows how easy it is to find/abuse legitimate code signing certificates. Using this, I found a valid code signing certificate belonging to a leading tech company and disclosed it to them. jackson-t.ca/certificate-the…

3:02 PM · May 3, 2020

Replying to @Jackson_T
Nice finding!
Replying to @Jackson_T
Great work, did you verify that the exposed pfx / p12 was revoked after their mitigation of the exposed repo?