Seeing The Invisible: Finding Fingerprints on Encrypted Traffic

Friday 11:00-11:45

About Adel (@0x4D31)

Adel is a Security Engineer on the Detection team at an unnamed search engine company! Before joining, he worked as a lead detection engineer at Salesforce, hunting the bad guys! Adel is a computer detective by day and honeypot operator by night!

Talk Overview

Encryption is a warm snuggly invisibility blanket both for us and for attackers. So how can we tell if encrypted network traffic is malicious?

This talk will explore techniques you can use to fingerprint encrypted network traffic including RDP, SSH and SSL/TLS, and how to use these techniques to hunt for badness!

Network metadata and fingerprints can also be used to profile and cluster internet-wide scans! I will share some of the interesting activities observed by my honeypots, and show you how TLS fingerprinting and visualization helped me discover a new evasion technique!

