February 3

Webinar takeaway: How to Analyze Encrypted Traffic on Your Network

Security

0  comments

My key takeaways

  • Encrypted traffic on the wire: can see headers, can't see payload
  • More and more traffic gets encrpyted like HTTPS and even DNS
  • Most Threat Hunt techniques still work: beacons/strobes, long connections and connections to Threat Intel hosts

Env

additional links

Tags

blue team, threat hunting

You may also like

Webinar takeaway – Applying The Threat Hunter’s Runbook

My key takeaways threat hunting runbook Identify connection persistency Identify if there is a business need Protocol analysis Investigate external IP address Investigate internal IP address Threat hunting is stealthy only when in IR mode, the adversary should be allowed to notice we are after him set the TCP timeout from 5min to 1h in

Read More

Webinar takeaway – The Ins and Outs of RITA

My key takeaways RITA is made to detect beacons and long connections open source tool Signature based detection of malicious code is outdated Average detect time is over 6 month > 50% of compromised systems are detected by outsiders RITA is behaviour based Needs a bunch of pakets to work on min 1h, default 24h

Read More
Leave a Comment