app:tlsfingerprint
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Last revisionBoth sides next revision | ||
app:tlsfingerprint [2017/11/29 23:03] – [Programatically resolving TLS Prints] veera | app:tlsfingerprint [2017/11/29 23:04] – [Analysis of TLS Fingerprints] veera | ||
---|---|---|---|
Line 45: | Line 45: | ||
==== Analysis of TLS Fingerprints ==== | ==== Analysis of TLS Fingerprints ==== | ||
- | What are you going to do with these prints. There are a few options | + | There are two actionable things |
+ | |||
* **Malware prints** | * **Malware prints** | ||
* **Anomaly detection** : If you can track known prints,then you can build a large Database over a period of time. After that you can send unseen prints into a " | * **Anomaly detection** : If you can track known prints,then you can build a large Database over a period of time. After that you can send unseen prints into a " | ||
- | |||
- | In both analysis paths,we think TLS Prints is a valuable piece of intel, especially given we are moving to pervasive TLS. | ||
- | |||
- | Lets look at what you can do with TrisulNSM and the new TLS Prints App. | ||
app/tlsfingerprint.txt · Last modified: 2018/03/04 13:27 by veera