Had a quick look at the Cynet 360 endpoint #security solution the other day. It doesn't validate certificates for it's C&C connections so can be MiTM'd (and it allows running C&C to run arbitrary commands as root...) https://www.bentasker.co.uk/blog/security/690-cynet-360-fetches-executable-modules-insecurely #ssl #tls