Hunting for Suspicious HTTPS and TLS Connections
ฝัง
- เผยแพร่เมื่อ 29 ก.ย. 2024
- This talk navigates the landscape of HTTPS and TLS connections, distinguishing between encrypted and unencrypted HTTPS, and outlining methods to identify suspicious activities. Attendees will learn about tracking encryption certificates and utilizing TLS fingerprinting for threat hunting. We'll also discuss the benefits and limitations of the TLS 1.3 protocol. Ideal for cyber defense professionals and SOC analysts, this session provides essential information on detecting suspicious connections in our environments.
About the Speaker
Max Deweerdt is a SANS Certified Instructor teaching SEC511: Continuous Monitoring and Security Operations. He is also head of sales engineering at NVISO. He has extensive experience with a range of Cyber Defense topics - from policy and frameworks, risk & compliance to deep technical expertise (e.g. threat hunting, incident response, SOC). Max is a trusted advisor to various governments, large corporations and businesses in the EMEA region.
