
Live at CyberShock - Data Mining TLS Network Traffic

by Markus Kont | Sep 27, 2021 | Events

On 6 October 2021, I’ll be giving a talk entitled “Data Mining TLS Network Traffic.” This is presented as part of CyberShock 2021 and will be streamed live starting at 15:10 (UTC+3).

NOTE: A recording of this talk is now available on YouTube. See below.

Data Mining TLS Network Traffic

Uncovering malware callback beacons to command and control (C2) servers by observing traffic in modern networks poses a number of challenges: most traffic is encrypted, and traditional IoC signatures are optimized to find known behaviors.

In this talk I will show how simple data mining and statistical analysis can be applied to Suricata TLS and Flow events to reveal infrequent TLS servers and connections with periodic patterns. And we’ll show how TLS JA3S makes this all possible.

Background on CyberShock 2021

CyberShock 2021 is a strictly technical online cybersecurity conference that will give participants deep insight into a wide range of cybersecurity-related matters, explained by highly prized international experts whose presentations will include live demos.

The conference is organized by CERT.LV in cooperation with partners Tet Group, Cyber Circle, Cybexer Technologies and CTF Tech. Last year's conference gathered more than 700 participants from more than 30 countries.

For more information and registration, visit https://cybershock.lv

Please join us if you can.

Markus Kont

Markus is a threat researcher and software engineer at Stamus Networks. In this role, he is focused on threat intelligence, data science and engineering, and backend research and development. Before joining Stamus Networks, Markus spent over 5 years as a technology researcher in the NATO Cooperative Cyber Defense Center of Excellence, where he specialized in monitoring and intrusion detection, and conducted classroom trainings for Suricata and Moloch. Prior to that, he worked as a server administrator for an Estonian hosting and software development company. Markus holds a Master of Science degree in Cyber Security and has published several academic papers while pursuing a PhD. Markus resides in Tallinn, Estonia.
