Welcome to Cert Central
Cert Central is a centralized place to document the abuse of code-signing certificates.
This website provides a database that volunteers can contribute to. Volunteers are also able to view previously reported certificates and query the database.
If you are new to code-signing certificate abuse, check out the Training or Research resources available on this website.
If you are ready to contribute, you can Register for an account. Once you have an account, you can Submit the SHA256 hash of a signed file. At this time, the website requires that the signed file is on MalwareBazaar or UnpacMe. However, if the file is only on VirusTotal, you can use certReport (which generates reports and has an option to report to Cert Central) or certReportCentral (which is exclusively for reporting to Cert Central).
- certReport can be installed using pip: `pip install certReport`
- certReportCentral can be installed using pip: `pip install certReportCentral`