Certificate Transparency mining

TL;DR: crt.sh, censys.io, certspotter — every TLS cert issued to a domain is public. Best passive subdomain source.

Stub — to be filled in.

What it is
TODO

Preconditions / where it applies
TODO

Technique
TODO

Detection and defence
TODO

References
https://crt.sh/
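
As an added example (not part of the original page), the sketch below shows the defensive side of the TL;DR: auditing which of your own hostnames Certificate Transparency makes public. It assumes records already decoded from the JSON shape crt.sh returns (`name_value`, `issuer_name`); the sample records, the inventory and the issuer allowlist are constructed for illustration.

```python
# Constructed records in the shape of decoded crt.sh JSON output; name_value
# may hold several newline-separated names. This is not real CT data.
SAMPLE = [
    {"issuer_name": "C=US, O=Example CA", "name_value": "www.example.test\nexample.test"},
    {"issuer_name": "C=US, O=Example CA", "name_value": "*.dev.example.test"},
    {"issuer_name": "C=US, O=Other CA", "name_value": "VPN-Staging.example.test"},
    {"issuer_name": "C=US, O=Other CA", "name_value": "www.notexample.test"},
    {"issuer_name": "C=US, O=Example CA", "name_value": "admin@example.test"},
]


def names_in_scope(records, domain):
    """Return {hostname: set(issuer names)} for names at or under `domain`."""
    domain = domain.lower().rstrip(".")
    found = {}
    for rec in records:
        for raw in rec.get("name_value", "").splitlines():
            name = raw.strip().lower().rstrip(".")
            if not name or "@" in name:  # skip blanks and e-mail style names
                continue
            # Match on a label boundary so notexample.test stays out of scope.
            if name != domain and not name.endswith("." + domain):
                continue
            found.setdefault(name, set()).add(rec.get("issuer_name", "unknown"))
    return found


def audit(records, domain, inventory, expected_issuers):
    """Compare CT-visible names with an asset inventory and an issuer allowlist."""
    seen = names_in_scope(records, domain)
    known = {h.lower() for h in inventory}
    allowed = set(expected_issuers)
    return {
        "exposed": sorted(seen),
        "not_in_inventory": sorted(n for n in seen if n not in known),
        "unexpected_issuer": sorted(n for n, iss in seen.items() if iss - allowed),
    }


if __name__ == "__main__":
    # Hypothetical inventory and issuer allowlist for the constructed domain.
    inventory = ["example.test", "www.example.test", "*.dev.example.test"]
    report = audit(SAMPLE, "example.test", inventory, ["C=US, O=Example CA"])
    for key, names in report.items():
        print(f"{key}: {names}")
```

Names that appear under `not_in_inventory` or `unexpected_issuer` are the ones to investigate first, since they are publicly visible but unaccounted for.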