SSL/TLS Inspection

Break and inspect SSL/TLS sessions to look at encrypted web traffic for adversary activity.

ID: M0920
Version: 1.0
Created: 06 June 2019
Last Modified: 24 October 2022

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T0884 Connection Proxy

If it is possible to inspect HTTPS traffic, the captures can be analyzed for connections that appear to be domain fronting.