12 Days of Defense - Day 7: Detecting Malware Without TLS Decryption / TLSv1.2 vs TLS1.3
In this episode we explore a couple of very important TLS-related concepts for blue team members:
- How to see certificate details for TLS connections
- The difference in visibility between TLS 1.2 and TLS 1.3
- How to identify malware without decryption of traffic - yes you can do it!

===
My SANS Courses:
SEC450 - Blue Team Fundamentals: https://sans.org/sec450
MGT551 - Building and Leading Security Operations Centers: https://sans.org/mgt551
Blueprint Podcast: https://sans.org/blueprint-podcast
Twitter: @sechubb
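The three topics above (reading certificate details, the TLS 1.2 vs TLS 1.3 visibility gap, and spotting malware without decrypting anything) are easier to pin down with a small parser in hand. The Python script below is an added example written for this page; it is not code from the video or from SANS, and all function names in it (build_client_hello, parse_hello, ja3, visibility, triage) are my own. It builds constructed ClientHello and ServerHello records (not captured traffic), parses only the fields a passive sensor can read, computes a JA3 fingerprint (one widely used no-decryption fingerprinting technique; the video description itself does not name JA3), flags a ClientHello with no SNI, and reports whether the server Certificate will travel in the clear (TLS 1.2) or encrypted under the handshake keys (TLS 1.3, which is why the Certificate message disappears from your sensor). The cipher, group and version values used for the samples are my own choices, not indicators tied to any particular malware.

```python
import hashlib
import struct

# GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ..., 0xfafa. JA3 drops them so they cannot skew the hash.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}
SERVER_NAME, SUPPORTED_GROUPS, EC_POINT_FORMATS, SUPPORTED_VERSIONS = 0x0000, 0x000A, 0x000B, 0x002B

def _u16s(vals):
    return b"".join(struct.pack("!H", v) for v in vals)

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def _record(hs_type, body):
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # handshake record, legacy version 3.1

def build_client_hello(sni, ciphers, groups, versions, grease=True):
    """Constructed sample ClientHello record (not captured traffic); values chosen for illustration."""
    exts = b""
    if sni:
        name = sni.encode()
        exts += _ext(SERVER_NAME, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name)
    if grease:
        exts += _ext(0x1A1A, b"")  # a GREASE extension, as real browsers send
    exts += _ext(SUPPORTED_GROUPS, struct.pack("!H", 2 * len(groups)) + _u16s(groups))
    exts += _ext(EC_POINT_FORMATS, b"\x01\x00")
    exts += _ext(SUPPORTED_VERSIONS, bytes([2 * len(versions)]) + _u16s(versions))
    suites = ([0x0A0A] if grease else []) + ciphers  # leading GREASE cipher, as real browsers send
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00" + struct.pack("!H", 2 * len(suites)) + _u16s(suites)
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    return _record(0x01, body)

def build_server_hello(cipher, tls13):
    """Constructed sample ServerHello; TLS 1.3 is signalled only through supported_versions."""
    exts = _ext(SUPPORTED_VERSIONS, b"\x03\x04") if tls13 else b""
    body = (b"\x03\x03" + b"\x22" * 32 + b"\x00" + struct.pack("!H", cipher) + b"\x00"
            + struct.pack("!H", len(exts)) + exts)
    return _record(0x02, body)

def _u16_list(data, start):
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(start, len(data), 2)]

def parse_hello(record):
    """Extract the cleartext fields of a ClientHello (type 1) or ServerHello (type 2) record."""
    if record[0] != 0x16 or record[5] not in (1, 2):
        raise ValueError("not a ClientHello/ServerHello record")
    info = {"type": record[5], "extensions": [], "groups": [], "point_formats": [], "sni": None}
    p = 9  # record header (5) + handshake header (4)
    info["version"] = struct.unpack("!H", record[p:p + 2])[0]
    p += 2 + 32 + 1 + record[p + 34]  # legacy version, random, session id
    if info["type"] == 1:
        n = struct.unpack("!H", record[p:p + 2])[0]
        info["ciphers"] = _u16_list(record[p + 2:p + 2 + n], 0)
        p += 2 + n + 1 + record[p + 2 + n]  # cipher suite list, then compression methods
    else:
        info["ciphers"] = [struct.unpack("!H", record[p:p + 2])[0]]
        p += 3  # the one selected suite + one compression byte
    n = struct.unpack("!H", record[p:p + 2])[0]
    exts, p = record[p + 2:p + 2 + n], 0
    while p < len(exts):
        et, el = struct.unpack("!HH", exts[p:p + 4])
        data, p = exts[p + 4:p + 4 + el], p + 4 + el
        info["extensions"].append(et)
        if et == SERVER_NAME:
            info["sni"] = data[5:5 + struct.unpack("!H", data[3:5])[0]].decode()
        elif et == SUPPORTED_GROUPS:
            info["groups"] = _u16_list(data, 2)
        elif et == EC_POINT_FORMATS:
            info["point_formats"] = list(data[1:])
        elif et == SUPPORTED_VERSIONS:
            if info["type"] == 1:
                info["supported_versions"] = _u16_list(data, 1)
            else:
                info["selected_version"] = struct.unpack("!H", data)[0]
    return info

def ja3(info):
    """JA3 string (version,ciphers,extensions,groups,point_formats; GREASE removed) and its MD5."""
    parts = [info["ciphers"], info["extensions"], info["groups"], info["point_formats"]]
    s = ",".join([str(info["version"])] + ["-".join(str(v) for v in p if v not in GREASE) for p in parts])
    return s, hashlib.md5(s.encode()).hexdigest()

def visibility(server_info):
    """What a passive sensor can still read after this ServerHello (TLS 1.3 encrypts the Certificate)."""
    tls13 = server_info.get("selected_version") == 0x0304
    return {"negotiated": "TLS 1.3" if tls13 else "TLS 1.2 or older", "certificate_in_clear": not tls13,
            "cipher": server_info["ciphers"][0]}

def triage(client_info):
    """No-decryption flags on a ClientHello: missing SNI, or only pre-TLS 1.2 offered."""
    flags = []
    if client_info["sni"] is None:
        flags.append("no SNI")  # direct-to-IP connections with no server name deserve a look
    if client_info["version"] < 0x0303 and not client_info.get("supported_versions"):
        flags.append("offers only pre-TLS1.2")
    return flags
```

To try it, feed parse_hello the output of build_client_hello("example.com", [0x1301, 0x1302, 0xC02B, 0xC02F], [0x001D, 0x0017], [0x0304, 0x0303]) and pass the result to ja3 and triage; then compare visibility(parse_hello(build_server_hello(0x1301, True))) with the TLS 1.2 case. For real traffic, the bytes handed to parse_hello are the TCP payload of the first record in each direction. The same fields (server_name, version, and JA3 via the community ja3 package) are what Zeek's ssl.log records, which is the practical way to run this kind of check at scale.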

12 Days of Defense - Day 8: How Encrypted SNI works (and How It Will Blind Your Security Team)
12 Days of Defense - Day 4: How to Analyze Email Headers and How Spoofed Email Works
12 Days of Defense - Day 2: How to use Zeek for PCAP Analysis
Learning to Hack Active Directory Certificate Services (with Shikata!)
The Packet Analysis Skill That Gets You Hired in a SOC
12 Days of Defense - Day 1: PDF and Office Doc Malware IOC Extraction
12 Days of Defense - Day 3: How the SOC Works (Security Monitoring Tools and Architecture)
Investigating Malware Using Memory Forensics - A Practical Approach
12 Days of Defense - Day 6: How DNS over HTTPS (DoH) Works / DNS Privacy
SOC Analyst Skills - Wireshark Malicious Traffic Analysis
Tech Talk: What is Public Key Infrastructure (PKI)?
12 Days of Defense - Day 11: Prioritizing Detection with MITRE ATT&CK Navigator
I Built an Untraceable OSINT Lab (Here's How)
How SOC Analysts Actually Investigate Network Traffic (Wireshark Walkthrough)
12 Days of Defense - Day 9: How to Analyze HTTP Traffic in Wireshark
DCSync Attack
HTTP for Hackers
12 Days of Defense - Day 5: How Windows Security Logging Works