February 3

Webinar takeaway: How to Analyze Encrypted Traffic on Your Network

Security

0  comments

My key takeaways

  • Encrypted traffic on the wire: can see headers, can't see payload
  • More and more traffic gets encrpyted like HTTPS and even DNS
  • Most Threat Hunt techniques still work: beacons/strobes, long connections and connections to Threat Intel hosts

Env

additional links

Tags

blue team, threat hunting

You may also like

What Fantasy Role-Playing Games Can Teach Us About Cybersecurity Roles

— And why your SOC might actually need a Bard 🐉⚔️ Cybersecurity teams are often compared to armies, fire brigades, or special forces. Personally? I think they’re much closer to a party of heroes in a classic fantasy role-playing game. No matter how many frameworks, SIEMs, or AI tools we summon, defending a digital kingdom

Read More

Webinar takeaway – Applying The Threat Hunter’s Runbook

My key takeaways threat hunting runbook Identify connection persistency Identify if there is a business need Protocol analysis Investigate external IP address Investigate internal IP address Threat hunting is stealthy only when in IR mode, the adversary should be allowed to notice we are after him set the TCP timeout from 5min to 1h in

Read More
Leave a Comment