Explore innovative techniques for detecting traffic anomalies using SSL certificates in this 37-minute conference talk from the Security Onion Conference 2019. Delve into two distinct detection methods and learn how to enhance SSL logs with additional metadata. Follow along with a live demonstration of a Python script designed for this purpose. Discover the power of dashboards and visualizations in identifying anomalies, and gain insights into various tools and concepts such as J3 Description, PowerShell Bits, Metasploit, and traditional SSL logging. Understand the importance of country codes, UID, and intel sources in network analysis. Equip yourself with valuable knowledge to improve your security monitoring capabilities and detect potential threats more effectively.
Finding Traffic Anomalies Using SSL Certificates
Overview
Syllabus
Introduction
Two methods of detection
Adding metadata to SSL logs
Python script
Live demo
Exiting the viewer
Dashboard
Visualizations
J3 Description
J3 Unknown
PowerShell Bits
Metasploit
Source destination
Clientside hash
Traditional SSL log
System on Data
Bro Notice
Country Codes
UID
Intel
Source
Network analyst
Questions
Taught by
Security Onion
