ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Detection of SSL Pinning

Technique Detected: SSL Pinning | T1521.003

ID: DET0646

Domains: Mobile

Analytics: AN1725, AN1726

Version: 1.0

Created: 21 October 2025

Last Modified: 21 October 2025

Version Permalink

Live Version

AN1725

Application vetting services can detect certificate pinning by examining an application’s network_security_config.xml file, although this behavior can be benign.

Log Sources

Data Component	Name	Channel
Application Assets (DC0119)	Application Vetting	None

AN1726

Application vetting services can detect certificate pinning by examining an application’s network_security_config.xml file, although this behavior can be benign.

Log Sources

Data Component	Name	Channel
Application Assets (DC0119)	Application Vetting	None