TLS, and it’s older forerunner SSL, are used to maintain the confidentiality and integrity of network communications. This is a double edged sword for Information Security departments as this allows private information to remain private, but can also be used to hide malicious activity.
Current defensive measures for dealing with network traffic encrypted using TLS typically takes one of two forms; attempting to detect malicious activities via other means which are outside of the encrypted session, such as endpoint security tools and IP address blacklists. The other approach is to break the TLS trust model by effectively attacking all connections, including trusted connections, via MiTM with a trusted certificate.
This talk discusses the problems with the current state of the art and introduces other techniques, such as TLS Fingerprinting and TLS Handshake Mangling, which can be used to solve the same problems with less of the issues.
leebrotherston
ks91
yamahiro
ju_hnny5
nakamuuu
mitsuzono
yajihum
layerx
handy
osyoyu
soudai
soracom
miyakemito
bkeepers
malarkey
holman
keathley
thekraken
sachag
maltzj
reverentgeek
garrettdimon
jacobian
robhawkes
hatefulcrawdad
