About Adel (@0x4D31)
Adel is a Security Engineer on the Detection team at an unnamed search engine company! Before joining
Encryption is a warm snuggly invisibility blanket both for us and for attackers. So how can we tell if encrypted network traffic is malicious?
This talk will explore techniques you can use to fingerprint encrypted network traffic including RDP, SSH and SSL/TLS, and how to use these techniques to hunt for badness!
Network metadata and fingerprints can also be used to profile and cluster internet-wide scans! I will share some of the interesting activities observed by my honeypots, and show your how TLS fingerprinting and visualization helped me discover a new evasion technique!