My key takeaways
- Encrypted traffic on the wire: can see headers, can’t see payload
- More and more traffic gets encrypted, like HTTPS and even DNS
- Most Threat Hunt techniques still work: beacons/strobes, long connections and connections to Threat Intel hosts
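Added example (my own, not from the webcast or Corelight): the three hunt techniques above run over constructed connection metadata only (timestamp, source, destination, duration), showing that none of them needs the payload. The records and the intel list are constructed sample data.

```python
"""Hunt for beacons, long connections and threat-intel hits using only
connection metadata (no payload), over constructed sample records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection records: (timestamp_s, src, dst, duration_s).
# 10.0.0.5 -> 203.0.113.9 checks in every 60 s (a beacon);
# 10.0.0.7 holds one 4-hour connection to 198.51.100.2;
# 10.0.0.9 talks to 192.0.2.44, which is on the (constructed) intel list.
CONN_LOG = (
    [(1000 + 60 * i, "10.0.0.5", "203.0.113.9", 0.4) for i in range(12)]
    + [(1010, "10.0.0.7", "198.51.100.2", 4 * 3600.0),
       (1200, "10.0.0.9", "192.0.2.44", 1.2),
       (1300, "10.0.0.7", "203.0.113.20", 2.0),
       (1900, "10.0.0.7", "203.0.113.20", 2.5)]
)
THREAT_INTEL_HOSTS = {"192.0.2.44"}  # constructed indicator list

def beacon_candidates(records, min_conns=8, max_cv=0.1):
    """Per (src, dst) pair, score how regular the connection timing is.
    cv = stdev/mean of the inter-connection gaps; a near-zero cv means the
    gaps are almost identical, the signature of a timer-driven beacon."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits[pair] = round(cv, 3)
    return hits

def long_connections(records, min_duration_s=3600):
    """Single connections held open for at least min_duration_s."""
    return [(src, dst, dur) for _, src, dst, dur in records if dur >= min_duration_s]

def threat_intel_hits(records, intel_hosts):
    """Destinations that appear on the intel list, regardless of payload."""
    return sorted({(src, dst) for _, src, dst, _ in records if dst in intel_hosts})
```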
Env
- Provided by Active Countermeasures
- Presenter: Alex Kirk from Corelight