<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

Live at CyberShock - Data Mining TLS Network Traffic

by Markus Kont | Sep 27, 2021 | Events

On 6 October 2021, I’ll be giving a talk entitled “Data Mining TLS Network Traffic.” This is presented as part of CyberShock 2021 and will be streamed live starting at 15:10 (UTC+3).

NOTE: A recording of this talk is now available on YouTube. See below

 

Data Mining TLS Network Traffic

Uncovering malware callback beacons - to command and control (C2) servers - by observing traffic in modern networks has a number of challenges. This is because most traffic is encrypted, and traditional IoC signatures are optimized to find known behaviors.

In this talk I will show how simple data mining and statistical analysis can be applied on Suricata TLS and Flow events to reveal infrequent TLS servers and connections with periodic patterns. And we’ll show how TLS JA3S makes this all possible.

Background on CyberShock 2021

CyberShock 2021 is a strictly technical online cybersecurity conference, which will provide participants with a deep insight into a wide range of cybersecurity related matters, that will be explained by highly prized international experts who will give presentations with the live demo included.

The conference is organized by CERT.LV in cooperation with partners Tet Group, Cyber Circle, Cybexer Technologies and CTF Tech. Last year's conference gathered more than 700 participants from more than 30 countries.

For more information and registration, visit https://cybershock.lv

Please join us if you can.
Markus Kont

Markus Kont

Markus is a threat researcher and software engineer at Stamus Networks. In this role, he is focused on threat intelligence, data science and engineering, and backend research and development. Before joining Stamus Networks, Markus spent over 5 years as a technology researcher in the NATO Cooperative Cyber Defense Center of Excellence, where he specialized in monitoring and intrusion detection, and conducted classroom trainings for Suricata and Moloch. Prior to that he worked as a server administrator for Estonian hosting and software development company. Markus holds a Master of Science degree in Cyber Security and has published several academic papers while pursuing a PhD. Markus resides in Tallinn, Estonia.

Schedule a Demo of Stamus Security Platform

REQUEST A DEMO

Related posts

Stamus-at-SuriCon2024

Stamus Networks at Suricon 2024

Each year, Suricon attracts visitors from around the world for three days of training and...

See Stamus Networks at an Event Near You!

Stamus Networks is excited to announce that our co-founders Éric Leblond (Chief Technology Officer)...

BlackHat-Europe-2022-Stamus

Stamus Networks Reflections on BlackHat Europe 2022

BlackHat Europe 2022 was the last conference of an eventful year for our team at Stamus Networks....

ABOUT STAMUS NETWORKS ™

Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. The global leader in Suricata-based network security solutions, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our Stamus Security Platform combines the best of intrusion detection (IDS), network security monitoring (NSM), and network detection and response (NDR) systems into a single solution that exposes serious and imminent threats to critical assets and empowers rapid response. 

Indianapolis, USA Paris, France

Privacy

© 2014-2024 Stamus Networks, Inc. All rights Reserved.