Adds some rationale for collecting TLS
parent
febb1bf8c6
commit
709ee24732
Binary file not shown.
|
@ -104,6 +104,30 @@
|
||||||
\includegraphics[scale=0.18]{d4-2.png}
|
\includegraphics[scale=0.18]{d4-2.png}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{D4 client example : A passive SSL fingerprinter}
|
||||||
|
|
||||||
|
History of links between:
|
||||||
|
\begin{itemize}
|
||||||
|
\item x509 certificates (And therefore their fields)
|
||||||
|
\item Ports
|
||||||
|
\item IP address
|
||||||
|
\item Client (ja3)
|
||||||
|
\item Server (ja3s)
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{D4 client example : A passive SSL fingerprinter}
|
||||||
|
CSIRT's rationale for collecting TLS handshakes:
|
||||||
|
\begin{itemize}
|
||||||
|
\item Pivot on additional data points
|
||||||
|
\item Find owners of IP addresses
|
||||||
|
\item Detect usage of CIDR blocks
|
||||||
|
\item Detect vulnerable systems
|
||||||
|
\item Detect compromised services
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{D4 client example : A passive SSL fingerprinter}
|
\frametitle{D4 client example : A passive SSL fingerprinter}
|
||||||
|
|
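Review bot: Both added frames reuse the \frametitle of the existing frame that follows them ("D4 client example : A passive SSL fingerprinter"), so three consecutive slides cannot be told apart by title; give each a distinguishing suffix, for instance one naming the link history and one naming the CSIRT rationale. The title says "SSL" while the new body text says "TLS handshakes", so pick one term and use it in both places. In the first list, "(And therefore their fields)" should use a lowercase "and", and "IP address" should be plural to match "Ports". The rationale items "Detect vulnerable systems" and "Detect compromised services" do not say which of the collected data points (certificate fields, ja3, ja3s) supports them; a short qualifier on each item would let the slide stand on its own.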