SSL/TLS Inspection

From attackics
Revision as of 14:10, 10 April 2021 by Oalexander (talk | contribs) (Oalexander moved page SSL/TLS Inspection to SSL/TLS Inspection)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
SSL/TLS Inspection
Mitigation
ID M0920

Description

Break and inspect SSL/TLS sessions to look at encrypted web traffic for adversary activity.


Techniques Addressed by Mitigation

NameUse
Connection ProxyIf it is possible to inspect HTTPS traffic, the captures can be analyzed for connections that appear to be domain fronting.