Created
September 18, 2015 20:48
-
-
Save LeeBrotherston/f5ab566d77e114f85692 to your computer and use it in GitHub Desktop.
Stealthier Attacks and Smarter Defending With TLS Fingerprinting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ever been busted because you attempted to man in the middle software (which does TLS properly) and it | |
| alerted someone to your bad certificate? No more! Want to detect certain types of connections leaving | |
| your network, but can’t keep the IP blacklist up to date? This could be the answer. | |
| This talk includes an introduction to both TLS and man in the middle attacks, a walkthrough on what | |
| TLS fingerprints contain, how to create your own fingerprints, how we use the fingerprints in several | |
| scenarios, and a discussion of implications and pitfalls. | |
| TLS provides transport security to all manner of connections from legitimate financial transactions to | |
| private conversations and malware calling home. The inability to analyse encrypted traffic protects its | |
| users, whether they are legitimate or malicious. This talk explores a technique for quickly and passively | |
| fingerprinting TLS clients and adapting our responses for the purposes of both attack and defence. | |
| Attackers can make automated decisions concerning when to man in the middle a connection and when to let | |
| the clients pass through silently, remaining stealthy. Defenders can gain insight into what is making | |
| encrypted connections within their networks without access to either endpoints or cryptographic keying | |
| material. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment