ncdns

ncdumpzone: Add support for Windows Enterprise Certificate Pinning XML output

Open • JeremyRand opened this issue 7 years ago • 1 comment

It would be useful to add Windows Enterprise Certificate Pinning (ECP) XML as an output format for ncdumpzone. This would give us negative overrides on Windows 10 for any CryptoAPI application.

JeremyRand, May 11 '18 22:05

From my notes:

  • https://docs.microsoft.com/en-us/windows/access-protection/enterprise-certificate-pinning
  • Microsoft claims it works in Edge and IE. Does it work in other CryptoAPI applications?
    • Looks like it works in Excel and Outlook as well. https://serverfault.com/questions/853136/mismatch-of-pin-rules-for-domain
  • Doesn't seem feasible for more than 1 ruleset to be in effect. So if Namecoin and an enterprise ruleset are both set, they will probably overwrite each other.
  • You can convert an EMET pinning rules XML file to an Enterprise Certificate Pinning XML file.
    • https://github.com/MicrosoftDocs/windows-itpro-docs/blob/master/windows/threat-protection/overview-of-threat-mitigations-in-windows-10.md#converting-an-emet-xml-settings-file-into-windows-10-mitigation-policies

JeremyRand, May 11 '18 22:05