PKI-COMPELLEDCredential Access

Compelled / Government CA Misissuance

Government-mandated trust anchors used to MITM (DigiNotar 2011, TURKTRUST 2013, Symantec misissuance) — every CA error becomes everyone's problem.

§ Where this technique fits

PKI-COMPELLED is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Compromised root CA → arbitrary cert issuance → silent MITM
Compromise the private key (or signing process) of a publicly-trusted root or intermediate. Issue an unlogged cert for the target hostname; use it for invisible TLS MITM until CT-log monitoring or revocation catches up.
step 2 / 6

§ What commonly comes next

01
BGP Route Hijack
NET-BGP-HIJACK · Lateral Movement
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Compromised root CA → arbitrary cert issuance → silent MITM

§ What commonly comes next