Among the Asset Search filters provided by Criminal IP (hereinafter referred to as CIP) is ssl_issuer_organization. Using this filter, you can check which organization issued the SSL certificate that a service such as HTTPS presents. When we look at the SSL certificate of criminalip.io below, for example, “Verified by” is noted as “Sectigo Limited (formerly Comodo CA)”, which implies that a Comodo SSL certificate was used.
If you want to find certificates signed by Sectigo, you can search for them on Asset Search as follows. Here, we can see that hundreds of IP addresses are found, since Sectigo is a prestigious certificate authority.
Using the same logic, let’s search for Red Hat Satellite, a remote management system that distributes, organizes, and maintains systems across physical, virtual, and cloud environments. Satellite is a simple and convenient system, as it provides provisioning, remote management and monitoring for multiple Red Hat Enterprise Linux distributions using a single centralized tool. However, it is also the system that causes the most serious problems if exposed to the attack surface, because it can be controlled externally. To search for Red Hat Satellite, you can search for a certificate named “Katello.”
Here, you can check the SSL certificate served on HTTPS port 443 and see Katello under Issuer Organization. If you open a browser and access the corresponding IP address, you will see the following Red Hat Satellite remote management system. If an authentication attack is launched, attackers can penetrate the system and execute remote commands on the servers: this can be an especially dangerous misconfiguration in terms of attack surface management.
In some cases, Foreman (as shown below) appears instead of Red Hat Satellite. Because Foreman is also an open-source application used for provisioning and lifecycle management in physical and virtual systems, it is considered a front-end system used in conjunction with the Red Hat family. Like Red Hat Satellite, Foreman is in a dangerous state when it is exposed to the attack surface.
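The same issuer-organization check can be run against your own external inventory to catch a Satellite or Foreman console that has ended up internet-facing. The following is an added example, not code from Criminal IP: it assumes you have already collected each host's issuer line with `openssl x509 -noout -issuer -nameopt RFC2253`, and the function names and sample rows are constructed for illustration.

```python
import re

# Issuer organization the article associates with Red Hat Satellite / Foreman.
TARGET_ORG = "katello"


def issuer_org(dn):
    """Return the O (organization) value of an issuer DN, or None if absent.

    Expects the comma-separated form printed by openssl with -nameopt RFC2253;
    spaces around '=' and a leading 'issuer=' are tolerated.
    """
    dn = dn.strip()
    if dn.lower().startswith("issuer="):
        dn = dn[len("issuer="):]
    # Split only on commas that are not backslash-escaped, so that a value
    # such as "Example\, Inc." stays in one piece.
    for rdn in re.split(r"(?<!\\),", dn):
        key, sep, value = rdn.partition("=")
        if sep and key.strip().upper() == "O":
            return re.sub(r"\\(.)", r"\1", value.strip())
    return None


def exposed_management_hosts(inventory):
    """inventory: iterable of (host, port, issuer_dn); returns flagged (host, port)."""
    flagged = []
    for host, port, dn in inventory:
        org = issuer_org(dn)
        # Compare the organization field exactly: "katello" appearing in a
        # CN or hostname is not what the ssl_issuer_organization filter matches.
        if org is not None and org.lower() == TARGET_ORG:
            flagged.append((host, port))
    return flagged


# Constructed sample inventory (documentation IP ranges, made-up names).
SAMPLE = [
    ("203.0.113.10", 443, "issuer=CN=sat.example.internal,OU=SomeOrgUnit,O=Katello,C=US"),
    ("203.0.113.11", 443, "issuer=CN=Example Public CA,O=Sectigo Limited,C=GB"),
    ("203.0.113.12", 8443, "issuer=CN=katello-lookalike.example,O=Example\\, Inc.,C=US"),
    ("198.51.100.7", 443, "issuer=CN = foreman.example.internal, O = Katello, C = US"),
]

if __name__ == "__main__":
    for host, port in exposed_management_hosts(SAMPLE):
        print(f"{host}:{port} presents a Katello-issued certificate; restrict external access")
```

Any host this flags should be reachable only from the management network or over a VPN, not from the internet.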
Reference: ExploitWareLabs