SSL Certificate Tampering

Classification:

compliance

Framework:

Control:

Overview

Goal

Detect potential tampering with SSL certificates.

Strategy

SSL certificates and other forms of trust controls establish trust between systems. Attackers may attempt to subvert trust controls such as SSL certificates in order to trick systems or users into trusting attacker-owned assets, such as fake websites or falsely signed applications.

Triage & Response

  1. Check whether there were any planned changes to the SSL certificate stores in your infrastructure.
  2. If these changes are not acceptable, roll back the host or container in question to a known trustworthy configuration.
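
To support step 1, the following added example (not part of the rule and not Datadog's detection logic) fingerprints every certificate in a store directory and compares the result with a known-good baseline, so a reviewer can see exactly which trust anchors were added or removed. It assumes the store is a directory of PEM files or bundles; the file name and certificate bytes in `demo()` are constructed placeholders, not real X.509 data.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def fingerprints(store_dir):
    """Map the SHA-256 of each certificate's DER bytes to the file holding it."""
    found = {}
    for path in sorted(Path(store_dir).rglob("*")):
        if not path.is_file():  # skips directories and broken symlinks
            continue
        for body in PEM_RE.findall(path.read_bytes()):
            der = base64.b64decode(b"".join(body.split()))
            found[hashlib.sha256(der).hexdigest()] = str(path.relative_to(store_dir))
    return found

def compare(baseline, current):
    """Return (added, removed) certificates relative to the baseline."""
    added = {fp: f for fp, f in current.items() if fp not in baseline}
    removed = {fp: f for fp, f in baseline.items() if fp not in current}
    return added, removed

def pem(der):
    """Wrap bytes in PEM armor (used only to build the constructed sample)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

def demo():
    """Constructed store: baseline holds A and B, then B is swapped for C."""
    with tempfile.TemporaryDirectory() as store:
        bundle = Path(store) / "ca-bundle.crt"  # hypothetical file name
        bundle.write_bytes(pem(b"constructed root A") + pem(b"constructed root B"))
        baseline = fingerprints(store)
        bundle.write_bytes(pem(b"constructed root A") + pem(b"constructed root C"))
        return compare(baseline, fingerprints(store))

if __name__ == "__main__":
    added, removed = demo()
    for fp, name in added.items():
        print(f"ADDED   {fp}  {name}")
    for fp, name in removed.items():
        print(f"REMOVED {fp}  {name}")
```

Any entry reported as added or removed that does not match a planned change is a candidate for the rollback in step 2.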