Explore the intricacies of JARM, an active TLS fingerprinting algorithm developed by Salesforce, in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the algorithm's functionality, including its ability to cluster servers with similar TLS configurations, identify default application settings, and detect malware C&C servers. Learn about the first C++ implementation of JARM, which offers additional features, and gain insights from a deep technical analysis of its inner workings. Examine the factors that contribute to unique or shared JARM fingerprints, and discover peculiar server behaviors that may affect fingerprint confidence levels. Consider potential improvements to the algorithm for enhanced fingerprint reliability. Review fascinating findings from scans of the top 1 million Alexa websites and 100,000 WordPress sites. Access the source code and supporting data, which will be made available on GitHub, to further your understanding of this powerful TLS fingerprinting tool.
Exploring JARM – An Active TLS Fingerprinting Algorithm
Hack In The Box Security Conference via YouTube
Overview
Syllabus
#HITB2023AMS #COMMSEC D1 - Exploring JARM – An Active TLS Fingerprinting Algorithm - Mohamad Mokbel
Taught by
Hack In The Box Security Conference
Related Courses
-
Stealthier Attacks and Smarter Defending With TLS Fingerprinting
-
JARM Randomizer - Evading JARM Fingerprinting
-
AEZAKMI - Browser Anonymity & Fingerprinting Bypass
-
All You Always Wanted to Know About Antiviruses
-
The Work of Cyber in the Age of Mechanical Reproduction
-
HTTP Statuses as C2 Commands and Compromised TLS
