SSL/TLS Inspection
Break and inspect SSL/TLS sessions to look at encrypted web traffic for adversary activity.
ID: M0920
Version: 1.0
Created: 06 June 2019
Last Modified: 24 October 2022
Techniques Addressed by Mitigation
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| ICS | T0884 | Connection Proxy |
If it is possible to inspect HTTPS traffic, the captures can be analyzed for connections that appear to be domain fronting. |
|