Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » app » TLS Fingerprinting using Trisul
Trace: Setting up a GRE Tunnel to send Netflow to remote machine Configuring ERSPAN packet capture for Network Security Monitoring TLS Fingerprinting using Trisul
app:tlsfingerprint

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
app:tlsfingerprint [2017/11/29 17:33]
veera [Programatically resolving TLS Prints] 		app:tlsfingerprint [2018/03/04 07:57] (current)
veera
Line 1: Line 1:
-~~Title: ​SJLJSADJA ​~~ +~~Title: ​TLS Fingerprinting using Trisul ​~~ 
  
 ====== TLS Fingerprinter ====== ====== TLS Fingerprinter ======
Line 45: Line 45:
 ==== Analysis of TLS Fingerprints ==== ==== Analysis of TLS Fingerprints ====
    
-What are you going to do with these prints. There are a few options ​ +There are two actionable things ​you can do with these prints 
 + 
   * **Malware prints** ​ - These are hard to come by  but if you can get a few prints from malware clients. You can flag them quickly. These will likely evade IDS because they use TLS to connect to presumably well known C&C servers with valid certificates etc.   * **Malware prints** ​ - These are hard to come by  but if you can get a few prints from malware clients. You can flag them quickly. These will likely evade IDS because they use TLS to connect to presumably well known C&C servers with valid certificates etc.
   * **Anomaly detection** : If you can track known prints,then you can build a large Database over a period of time. After that you can send unseen prints into a "​Triage state" where a human can look into it.    * **Anomaly detection** : If you can track known prints,then you can build a large Database over a period of time. After that you can send unseen prints into a "​Triage state" where a human can look into it. 
- 
-In both analysis paths,we think TLS Prints is a valuable piece of intel, especially given we are moving to pervasive TLS.  
- 
-Lets look at what you can do with TrisulNSM and the new TLS Prints App. 
  
  
app/tlsfingerprint.1511976812.txt.gz · Last modified: 2017/11/29 17:33 by veera

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki