Articles
TLS Fingerprinting in the Real World
To protect your data, you must understand the traffic on your network. This task has become even more challenging with widespread use of the Transport Layer Security (TLS) protocol, which inhibits traditional network security monitoring techniques. The good news is that TLS fingerprinting can help…
Detecting Encrypted Malware Traffic (Without Decryption)
Introduction: Over the past 2 years, we have been systematically collecting and analyzing malware-generated packet captures. During this time, we have observed a steady increase in the percentage of malware samples using TLS-based encryption to evade detection. In August 2015, 2.21% of the malware sa…
Hiding in Plain Sight: Malware’s Use of TLS and Encryption
Introduction: TLS (Transport Layer Security) is a cryptographic protocol that provides privacy for applications. TLS is usually implemented on top of common protocols such as HTTP for web browsing or SMTP for email. HTTPS is the usage of TLS over HTTP, which is the most popular way of securing commun…