Threat Briefing: EV Certificates

In this episode, Lucie and Fabien break down findings from the leaked Black Basta chat logs showing how the group systematically abused Extended Validation (EV) certificates to sign malware and evade detection. From buying stolen certs on underground forums to remotely accessing YubiKeys over RDP, the operation reveals a high level of coordination—and a serious blind spot in trust-based security models.

We walk through:

  • What EV certificates are and why they matter
  • How attackers obtained and used them
  • Real examples from the leaked conversations
  • The exact signing process (including tooling and commands)
  • Why traditional defenses often miss this
  • How the Vectra AI Platform detects the behavior behind the certificate