
Live at CyberShock - Data Mining TLS Network Traffic

On 6 October 2021, I’ll be giving a talk entitled “Data Mining TLS Network Traffic.” This is presented as part of CyberShock 2021 and will be streamed live starting at 15:10 (UTC+3).

NOTE: A recording of this talk is now available on YouTube. See below.


Data Mining TLS Network Traffic

Uncovering malware callback beacons to command and control (C2) servers by observing traffic in modern networks poses a number of challenges: most traffic is encrypted, and traditional IoC signatures are optimized to find known behaviors.

In this talk I will show how simple data mining and statistical analysis can be applied to Suricata TLS and Flow events to reveal infrequent TLS servers and connections with periodic patterns. And we’ll show how TLS JA3S makes this all possible.
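One way to try the idea in the abstract, as an added example rather than code from the talk: it reads Suricata EVE `tls` events, identifies each server by destination IP, SNI and JA3S hash, and reports servers seen by few clients and client/server pairs with near-constant connection intervals. The sample events, thresholds and function names are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def _ev(ts, src, dst, sni, ja3s):  # helper that builds constructed EVE-style lines
    return json.dumps({"timestamp": ts, "event_type": "tls", "src_ip": src,
                       "dest_ip": dst, "tls": {"sni": sni, "ja3s": {"hash": ja3s}}})

# Constructed sample: 10.0.0.5 contacts one server every 60 s (beacon-like),
# while two hosts reach a shared server at irregular times.
SAMPLE = [_ev(f"2021-10-06T12:{m:02d}:00.000000+0000", "10.0.0.5", "203.0.113.9",
              "updates.example.net", "a" * 32) for m in range(6)]
SAMPLE += [_ev(f"2021-10-06T12:{m:02d}:{s:02d}.000000+0000", src, "198.51.100.7",
               "www.example.com", "b" * 32)
           for src, m, s in [("10.0.0.5", 0, 3), ("10.0.0.6", 1, 40), ("10.0.0.6", 2, 5),
                             ("10.0.0.5", 9, 12), ("10.0.0.6", 9, 50)]]

def load(lines):
    """Yield (client, server_key, epoch_seconds) for each TLS event."""
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "tls":
            continue
        tls = ev.get("tls", {})
        ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        # Assumed server identity: destination IP + SNI + JA3S hash.
        server = (ev["dest_ip"], tls.get("sni", ""), tls.get("ja3s", {}).get("hash", ""))
        yield ev["src_ip"], server, ts.timestamp()

def rare_servers(lines, max_clients=1):
    """Servers contacted by at most max_clients distinct internal hosts."""
    clients = defaultdict(set)
    for src, server, _ in load(lines):
        clients[server].add(src)
    return sorted(s for s, c in clients.items() if len(c) <= max_clients)

def periodic_pairs(lines, min_events=5, max_cv=0.1):
    """Client/server pairs whose connection gaps barely vary (low CV)."""
    times, hits = defaultdict(list), []
    for src, server, ts in load(lines):
        times[(src, server)].append(ts)
    for pair, ts in times.items():
        gaps = [b - a for a, b in zip(sorted(ts), sorted(ts)[1:])]
        avg = mean(gaps) if gaps else 0
        # Coefficient of variation = stddev / mean of the inter-arrival gaps.
        if len(ts) >= min_events and avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((pair, round(avg, 1), round(pstdev(gaps) / avg, 3)))
    return hits
```

On real data, pass the lines of an `eve.json` file instead of `SAMPLE`; jittered beacons need a looser `max_cv` than the 0.1 assumed here.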

Background on CyberShock 2021

CyberShock 2021 is a strictly technical online cybersecurity conference that gives participants deep insight into a wide range of cybersecurity-related matters, explained by highly prized international experts whose presentations include live demos.

The conference is organized by CERT.LV in cooperation with partners Tet Group, Cyber Circle, Cybexer Technologies and CTF Tech. Last year's conference gathered more than 700 participants from more than 30 countries.

For more information and registration, visit https://cybershock.lv

Please join us if you can.
