Adds some rationale for colleting TLS

2019-03-07 16:56:55 +01:00 · 2019-03-07 16:56:55 +01:00 · 709ee24732
parent febb1bf8c6
commit 709ee24732
2 changed files with 24 additions and 0 deletions
--- a/docs/informal-preso/0-intro-banana/d4-introduction.pdf
+++ b/docs/informal-preso/0-intro-banana/d4-introduction.pdf
--- a/docs/informal-preso/0-intro-banana/d4-introduction.tex
+++ b/docs/informal-preso/0-intro-banana/d4-introduction.tex
@ -104,6 +104,30 @@
        \includegraphics[scale=0.18]{d4-2.png}
 \end{frame}

+\begin{frame}
+        \frametitle{D4 client example : A passive SSL fingerprinter}
+
+        History of links between:
+        \begin{itemize}
+          \item x509 certificates (And therefore their fields) 
+          \item Ports
+          \item IP address
+          \item Client (ja3)
+          \item Server (ja3s)
+        \end{itemize}
+\end{frame}
+        
+\begin{frame}
+        \frametitle{D4 client example : A passive SSL fingerprinter}
+        CSIRT's rationale for collecting TLS handshakes:
+        \begin{itemize}
+          \item Pivot on additional data points
+          \item Find owners of IP addresses
+          \item Detect usage of CIDR blocks
+          \item Detect vulnerable systems
+          \item Detect compromised services
+        \end{itemize}
+\end{frame}

 \begin{frame}
        \frametitle{D4 client example : A passive SSL fingerprinter}