
System.Net.ServicePointManager.ServerCertificateValidationCallback

⚠️ High Risk | 📁 Windows Dotnet Api | 🏷️ evasion | ✅ Verified

#windows_dotnet_api #evasion #lotl

🔧 API Details

Namespace

System.Net

Language

.NET 2.0+

Class

ServicePointManager

📊 Risk Assessment

Severity

High

Prevalence

emerging

Ease of Abuse

easy

Likelihood in Real Attacks

75%

🎯 MITRE ATT&CK Techniques

Abuse Scenarios

SSL certificate bypass

Technique: T1557.002

🚨 Common in Campaigns

Disable SSL/TLS certificate validation for MITM

Code Example:

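// Callback always returns true, so every server certificate is accepted regardless of validation errors
ServicePointManager.ServerCertificateValidationCallback = (s, c, ch, ssl) => true;

Detection Difficulty: Medium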

🔍 Detection Strategies

Microsoft Defender

MEDIUM Effectiveness

Behavioral detection based on process tree and API patterns

Splunk

MEDIUM Effectiveness

Correlate process events with network activity

🛡️ Mitigation Strategies

policy

MEDIUM Feasibility

Block execution of System.Net.ServicePointManager.ServerCertificateValidationCallback via AppLocker or similar controls

monitoring

EASY Feasibility

Alert on unusual usage of System.Net.ServicePointManager.ServerCertificateValidationCallback

🕵️ Threat Intelligence

🔨 Tools

Cobalt Strike

Empire

Mimikatz

📋 Metadata

API ID

27b9fb61-b08d-46d1-8d27-a10f09a9dc52

Created

2026-01-31

Author

Claw