I hereby claim:
- I am leebrotherston on github.
- I am lee (https://keybase.io/lee) on keybase.
- I have a public key whose fingerprint is C110 4776 8997 2E64 A7B5 793E D04D 4922 FBAE 8F3B
To claim this, I am signing this object:
Ever been busted because you man in the middled software (which does TLS properly) and it alerted someone to your bad
certificate? No more! Want to detect certain types of connections leaving your network, but can’t keep the IP blacklist up
to date? This could be the answer.
This talk includes an introduction to both TLS and man in the middle attacks, a walkthrough on what TLS fingerprints
contain, how to create your own fingerprints, how we use the fingerprints in several scenarios, a demo, and a discussion of
implications and pitfalls.
TLS provides transport security to all manner of connections from legitimate financial transactions to private
conversations and malware calling home. The inability to analyse encrypted traffic protects its users, whether they are
A window size of 1 and the absence of the do not fragment bit is consistent with observed injected packets from the Perftech bulletin system, amongst others.
It does not, of course, guarantee injection has taken place, as it is possible to generate this type of packet legitimately; however, I have yet to experience a false positive with this.
For further information on this, please see: http://blog.squarelemon.com/blog/2014/10/29/corporation-in-the-middle/
URLs:
-----
SlideShare (SecTor & BSidesTO & TASK versions): http://www.slideshare.net/LeeBrotherston/
Recording of talk (SecTor): http://blog.squarelemon.com/blog/2014/10/29/corporation-in-the-middle/
Contact:
--------
Twitter: @synackpse
email: lee@squarelemon.com