Webinar takeaway: How to Analyze Encrypted Traffic on Your Network

My key takeaways

• Encrypted traffic on the wire: can see headers, can’t see payload
• More and more traffic gets encrpyted like HTTPS and even DNS
• Most Threat Hunt techniques still work: beacons/strobes, long connections and connections to Threat Intel hosts

Env

• Provided by Active Countermeasures
• Presenter: Alex Kirk from Corelight

additional links

• https://corelight.blog/2020/11/19/corelight-at-home/
• https://zeek.org/
• Blog: Alternative DNS Techniques
• Blog: Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example
• Blog: DNS over TLS and DNS over HTTPS