This talk navigates the landscape of HTTPS and TLS connections, distinguishing between encrypted and unencrypted HTTPS, and outlining methods to identify suspicious activities. Attendees will learn about tracking encryption certificates and utilizing TLS fingerprinting for threat hunting. We'll also discuss the benefits and limitations of the TLS 1.3 protocol. Ideal for cyber defense professionals and SOC analysts, this session provides essential information on detecting suspicious connections in our environments.