The Certificate Transparency system provides public logs of TLS certificates. While Certificate Transparency is primarily used to uncover security issues in certificates, its data is also valuable for other use cases. The talk will present a novel way of exploiting common web applications like Wordpress, Joomla or Typo3 with the help of Certificate Transparency.
Certificate Transparency has helped uncover various incidents in the past where certificate authorities have violated rules. It is probably one of the most important security improvements that has ever happened in the certificate authority ecosystem. In September 2017 Google will make Certificate Transparency mandatory for all new certificates. So it's a good time to see how it could be abused by the bad guys.