ZetaCert Research

Research, audit, methodology

The ZetaCert Research team publishes what it finds in the open. Three free artefacts: a public audit tool, whitepapers, and the detector source code.

Public tool · Free

CryptoAudit

Audit a certificate or a hostname with the same detector chain used by our research team. No account, no retention.

Audit a certificate at audit.zetacert.com

Research · Whitepapers

Whitepapers

Cryptanalytic audits at corpus scale, analyses of migrated failure modes, CISO-facing recommendations. Academic rigour, executive readability.

Browse the whitepapers
Coming soon

Code · Open source

Cryptanalytic toolkit

Modern implementations of canonical detectors (batch GCD, Fermat factorisation, Hidden Number Problem, CA mis-issuance). Reproducible on commodity hardware.

See the GitHub repo

Our research principles

  • ·Reproducibility first. Every published finding can be replayed end-to-end from public Certificate Transparency.
  • ·Strict coordinated disclosure. No vendor or operator marker is unmasked before its agreed grace period expires.
  • ·Negative results published. What we looked for and did not find counts as much as what we did — and bounds our positive claims.
  • ·No marketing-grade cryptography. If a claim is not publicly verifiable, it does not appear in our publications.

A methodological question, a finding to report?

Our coordinated-disclosure channel is open to researchers, CERTs, vendors and operators.

Contact usresearch@zetacert.com