Add Certificates #17

Closed
wants to merge 8 commits into from

Contributor

@azurekid azurekid commented Jun 12, 2023

Change(s):

  • Updated Queries/orphan-resources-queries.md
  • Updated Workbook/Orphan Resources.workbook
  • Updated Workbook/Orphan Resources.json

Reason for Change(s):

  • expanded use-cases with expired certificates
  • added empty lines between the headers and code blocks according to the KQL coding standards
  • added type to code blocks to enable syntax highlighting.

Testing Completed:

  • Yes

Validated if the query was working correctly by extending the lookback period to see results of expired certificates that are attached to a web application.


@azurekid
Contributor Author

@dolevshor Hope this will be added to this amazing solution.

azurekid added 3 commits June 12, 2023 23:21
removed test values for 360 days lookback
removed 360 days test values
removed 360 days testing values
@azurekid
Contributor Author

@dolevshor friendly reminder. If there is anything I can help with to maintain this project, please let me know.

@dolevshor
Owner

@azurekid First, thank you very much for the suggestion.
I am debating whether certificates fall into the category of orphaned resources? I would love to hear your point of view.

@azurekid
Contributor Author

Hi @dolevshor, from a security point of view it doesn't really matter. But because these certificates are Azure resources, they should be cleaned up once expired.

From a red teamer point of view, it could be interesting to see what old names were attached to web applications based on the expired certificates, and abuse this information to create a malicious web app with the same name and a new certificate.

@dolevshor
Owner

Hi @azurekid,
It makes sense that they would be classified as orphaned resources.

I will make sure to add your suggestion to v2.0. (I will publish it today).

@azurekid
Contributor Author

> Hi @azurekid,
> It makes sense that they would be classified as orphaned resources.
>
> I will make sure to add your suggestion to v2.0. (I will publish it today).

Thanks man!

Please shout out if I can help reviewing code etc.
Love doing community work 💪

@dolevshor
Owner

Hi @azurekid,

Now the orphaned Certificates are included in the workbook as part of the v2.0 release.
I am closing the PR.

Thanks again for this contribution!

@dolevshor dolevshor closed this Oct 9, 2023