
Live at CyberShock - Data Mining TLS Network Traffic

by Markus Kont | Sep 27, 2021 | Events

On 6 October 2021, I’ll be giving a talk entitled “Data Mining TLS Network Traffic.” This is presented as part of CyberShock 2021 and will be streamed live starting at 15:10 (UTC+3).

NOTE: A recording of this talk is now available on YouTube. See below.


Data Mining TLS Network Traffic

Uncovering malware callback beacons to command and control (C2) servers by observing traffic in modern networks presents a number of challenges. Most traffic is encrypted, and traditional IoC signatures are optimized to find known behaviors.

In this talk I will show how simple data mining and statistical analysis can be applied to Suricata TLS and Flow events to reveal infrequent TLS servers and connections with periodic patterns. And we’ll show how TLS JA3S makes this all possible.
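To make the two ideas in this abstract concrete, here is an added Python example (not code from the talk or from Stamus Networks) that counts rare SNI/JA3S pairs in Suricata EVE `tls` events and flags source/destination pairs whose `flow` start times are evenly spaced. The function names, the thresholds and the coefficient-of-variation test are assumptions chosen for illustration, and the sample records are constructed.

```python
import json
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata EVE timestamp layout

def rare_tls_servers(events, max_count=1):
    """(sni, ja3s) pairs seen at most max_count times across tls events."""
    seen = Counter()
    for ev in events:
        tls = ev.get("tls", {})
        ja3s = tls.get("ja3s", {}).get("hash")  # absent if JA3 is disabled
        if ev.get("event_type") == "tls" and ja3s:
            seen[(tls.get("sni", "-"), ja3s)] += 1
    return sorted(k for k, n in seen.items() if n <= max_count)

def periodic_flows(events, min_conns=4, max_cv=0.1):
    """(src, dst, mean gap in s) for TLS flows that start at regular intervals."""
    starts = defaultdict(list)
    for ev in events:
        if ev.get("event_type") == "flow" and ev.get("app_proto") == "tls":
            t = datetime.strptime(ev["flow"]["start"], FMT).timestamp()
            starts[(ev["src_ip"], ev["dest_ip"])].append(t)
    hits = []
    for (src, dst), ts in sorted(starts.items()):
        if len(ts) < min_conns:
            continue  # too few connections to judge regularity
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        # coefficient of variation: small means evenly spaced, beacon-like
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append((src, dst, round(mean)))
    return hits

def sample_events():
    """Constructed EVE records: documentation IPs, made-up JA3S hashes."""
    t0 = datetime(2021, 10, 6, 12, 0, tzinfo=timezone.utc)
    def flow(dst, off):
        start = (t0 + timedelta(seconds=off)).strftime(FMT)
        return {"event_type": "flow", "app_proto": "tls",
                "src_ip": "192.0.2.10", "dest_ip": dst, "flow": {"start": start}}
    def tls(sni, ja3s):
        return {"event_type": "tls", "tls": {"sni": sni, "ja3s": {"hash": ja3s}}}
    evs = [tls("www.example.com", "a" * 32)] * 5 + [tls("update.example.net", "b" * 32)]
    evs += [flow("203.0.113.9", s) for s in (0, 60, 121, 180, 239, 300)]
    evs += [flow("198.51.100.7", s) for s in (0, 13, 200, 260, 900)]
    return [json.loads(json.dumps(e)) for e in evs]  # as read from eve.json lines
```

On the constructed sample, the pair seen once is reported as rare, and only the destination contacted roughly every 60 seconds is reported as periodic.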

Background on CyberShock 2021

CyberShock 2021 is a strictly technical online cybersecurity conference that will give participants deep insight into a wide range of cybersecurity-related matters, explained by highly prized international experts whose presentations will include live demos.

The conference is organized by CERT.LV in cooperation with partners Tet Group, Cyber Circle, Cybexer Technologies and CTF Tech. Last year's conference gathered more than 700 participants from more than 30 countries.

For more information and registration, visit https://cybershock.lv

Please join us if you can.

Markus Kont

Markus is a threat researcher and software engineer at Stamus Networks. In this role, he is focused on threat intelligence, data science and engineering, and backend research and development. Before joining Stamus Networks, Markus spent over 5 years as a technology researcher in the NATO Cooperative Cyber Defense Center of Excellence, where he specialized in monitoring and intrusion detection, and conducted classroom trainings for Suricata and Moloch. Prior to that, he worked as a server administrator for an Estonian hosting and software development company. Markus holds a Master of Science degree in Cyber Security and has published several academic papers while pursuing a PhD. Markus resides in Tallinn, Estonia.
