Play all

Intro

Stealthier Attacks & Smarter Defending with TLS Fingerprinting

A "Zero Math, (almost) Zero Crypto", TLS Talk

TLS PRIMER ..... (Shhhh.... it's not a cryptographic algorithm)

Fingerprints

Why

Origin Story

Expanding.

Extensions

Significant, key-value order is!

Creating a FingerPrint

Deobfuscation

Any Port v Stateless v Asymmetric v Low Cost v

Storage & Retention

Own Fingerprint Modification

Collisions?

Yes... ok no. sort of.... a bit.... occasionally

Anomaly Detection

Not Just

Attacker Level 1: Stealth MiTM

Hacked Proxy BGP Hijacking Rogue DHCP Malicious Tor Node

TLS Attacks

Fingerprint Defined Routing Ž

Attacker Level 2: AntiForensics

Enumerated Targets Prepared Exploits Delivered Stager/Phish v Awaiting Callback...

Fingerprint Canaries

Homogeneous Platforms

End Of Level Boss: Nation State Attackers (zomg!) ?

Honorable Mention: HoneyPots

FingerPrint DB

Demo?

What's Next?

Random Observations

Description:

Explore the intricacies of TLS fingerprinting in this 46-minute conference talk from Derbycon 2015. Delve into stealthier attack techniques and smarter defense strategies, focusing on a "zero math, (almost) zero crypto" approach to TLS. Learn about fingerprint creation, deobfuscation, and anomaly detection. Examine various attack levels, including stealth MiTM, anti-forensics, and potential nation-state tactics. Discover the concept of fingerprint canaries and their application in homogeneous platforms. Gain insights into fingerprint-defined routing, honeypo ts, and the future of TLS fingerprinting through practical demonstrations and random observations.

Stealthier Attacks and Smarter Defending With TLS Fingerprinting

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Data Science #Data Analysis #Anomaly Detection #Digital Forensics #Anti-Forensics