SSL certificate tampering

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1553-subvert-trust-controls

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect potential tampering with SSL certificates.

Strategy

SSL certificates, and other forms of trust controls establish trust between systems. Attackers may attempt to subvert trust controls such as SSL certificates in order to trick systems or users into trusting attacker-owned assets such as fake websites, or falsely signed applications.

Triage and response

  1. Check whether there were any planned changed to the SSL certificates stores in your infrastructure.
  2. If these changes are not acceptable, roll back the host or container in question to a known trustworthy configuration.
  3. Investigate security signals (if present) occurring around the time of the event to establish an attack path.
  4. Find and repair the root cause of the exploit.

Requires Agent version 7.27 or greater

PREVIEWING: aliciascott/DOCS-9725-Cloudcraft