On 6 October 2021, I’ll be giving a talk entitled “Data Mining TLS Network Traffic.” This is presented as part of CyberShock 2021 and will be streamed live starting at 15:10 (UTC+3).
NOTE: A recording of this talk is now available on YouTube. See below.
Uncovering malware callback beacons to command and control (C2) servers by observing traffic in modern networks poses a number of challenges: most traffic is encrypted, and traditional IoC signatures are optimized to find known behaviors.
In this talk I will show how simple data mining and statistical analysis can be applied to Suricata TLS and Flow events to reveal infrequent TLS servers and connections with periodic patterns. And we’ll show how TLS JA3S makes this all possible.
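One way to apply the idea described above, as an added example that is not code from the talk: it reads Suricata EVE `tls` events, lists server identities (SNI plus JA3S hash) contacted by only one internal host, and flags source/destination pairs whose connection intervals are near-constant. The sample events, addresses, hashes and thresholds are constructed assumptions, and it works from TLS event timestamps only, not flow records.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev
TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata EVE timestamp layout

def load_tls(lines):
    """Yield (time, src_ip, dest_ip, sni, ja3s_hash) for each EVE 'tls' event."""
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "tls":
            continue  # flow, dns, alert ... are ignored here
        tls = ev.get("tls", {})
        yield (datetime.strptime(ev["timestamp"], TS_FMT), ev["src_ip"],
               ev["dest_ip"], tls.get("sni", ""), tls.get("ja3s", {}).get("hash", ""))

def rare_servers(events, max_clients=1):
    """(sni, ja3s) server identities contacted by at most max_clients hosts."""
    clients = defaultdict(set)
    for _, src, _, sni, ja3s in events:
        clients[(sni, ja3s)].add(src)
    return {srv for srv, hosts in clients.items() if len(hosts) <= max_clients}

def periodic_pairs(events, min_conns=5, max_cv=0.1):
    """(src, dst) -> mean gap in seconds where gaps are near-constant (CV <= max_cv)."""
    times = defaultdict(list)
    for t, src, dst, _, _ in events:
        times[(src, dst)].append(t)
    found = {}
    for pair, ts in times.items():
        if len(ts) < max(min_conns, 2):
            continue  # too few connections to judge regularity
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            found[pair] = round(mean(gaps))
    return found

def sample_eve_lines():
    """Constructed events: every IP, SNI and JA3S value here is made up."""
    t0 = datetime(2021, 10, 6, 12, 0, tzinfo=timezone.utc)
    rows = [(s, "10.0.0.5", "198.51.100.7", "updates.example.net", "b" * 32)
            for s in (0, 60, 121, 180, 241, 300)]  # ~60 s cadence, small jitter
    rows += [(s, src, "192.0.2.10", "www.example.com", "a" * 32) for s, src in
             ((5, "10.0.0.6"), (20, "10.0.0.6"), (40, "10.0.0.5"), (95, "10.0.0.7"),
              (200, "10.0.0.6"), (210, "10.0.0.6"), (290, "10.0.0.6"))]
    return [json.dumps({"timestamp": (t0 + timedelta(seconds=s)).strftime(TS_FMT),
                        "event_type": "tls", "src_ip": src, "dest_ip": dst,
                        "tls": {"sni": sni, "ja3s": {"hash": h}}})
            for s, src, dst, sni, h in rows]
```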
CyberShock 2021 is a strictly technical online cybersecurity conference that will give participants deep insight into a wide range of cybersecurity-related matters, explained by highly prized international experts whose presentations include live demos.
The conference is organized by CERT.LV in cooperation with partners Tet Group, Cyber Circle, Cybexer Technologies and CTF Tech. Last year's conference gathered more than 700 participants from more than 30 countries.
For more information and registration, visit https://cybershock.lv
Please join us if you can.