SSL certificate tampering

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1553-subvert-trust-controls

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect potential tampering with SSL certificates.

Strategy

SSL certificates, and other forms of trust controls establish trust between systems. Attackers may attempt to subvert trust controls such as SSL certificates in order to trick systems or users into trusting attacker-owned assets such as fake websites, or falsely signed applications.

Triage and response

  1. Check whether there were any planned changed to the SSL certificates stores in your infrastructure.
  2. If these changes are not acceptable, roll back the host or container in question to a known trustworthy configuration.
  3. Investigate security signals (if present) occurring around the time of the event to establish an attack path.
  4. Find and repair the root cause of the exploit.

Requires Agent version 7.27 or greater