DNS over TLS and DNS over HTTPS

Jamie Brim | June 18, 2020 | Brave, Chrome, CloudFlare, Cobalt Strike, Command And Control, Corelight Labs, dns, DoH, DoT, Firefox, Godlua, goDoH, HTTPS, json, json+https, Malware, network security monitoring, network traffic analysis, opera, PsiXbot, TLS, TLS 1.3, Zeek

By Jamie Brim, Corelight Security Researcher In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext ...

Bright Ideas Blog

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

Vince Stoffer | June 16, 2020 | agent forwarding, Announcements, Authentication, Chrome, dns, DoH, encrypted traffic, encrypted traffic collection, Firefox, network security monitoring, network traffic analysis, network visibility, reverse tunnel, SSH, Suricata, Zeek

By Vince Stoffer, Senior Director, Product Management, Corelight With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in ...

Bright Ideas Blog

Erik presenting PolarProxy at CS3Sthlm, photo credit: CS3Sthlm

Sharing a PCAP with Decrypted HTTPS

Erik Hjelmvik | January 13, 2020 | CS3, CS3Sthlm, decrypt, DoH, forensics, google, HTTP/2, http2, HTTPS, NetworkMiner, Pastebin, pcap, PolarProxy, TLS, TLS Inspection, TLS Interception, TLSI, Twitter, video, Wireshark

Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...

NETRESEC Network Security Blog

NetworkMiner 2.5 Released

Erik Hjelmvik | November 7, 2019 | CIFS, DoH, hashcat, HTTP/2, http2, HTTPS, JA3, John, KERBEROS, MS-BRWS, NBNS, NetBIOS, NetworkMiner, NetworkMinerCLI, OSINT, pcap

I am happy to announce the release of NetworkMiner 2.5 today! This new version includes new features like JA3 and parsers for the HTTP/2 and DoH protocols. We have also added support ...

NETRESEC Network Security Blog

DOH: DNS Over HTTPS

Marc Handelman | October 14, 2019 | dns, DNS over HTTPS, DoH, Information Security, Internetwork Security, Network Security

Via Timothy B. Lee, writing at Ars Technica, comes this tremendous piece enlightening us as to the vagaries DNS Over HTTPS, to the horror of ISps throught the United States of Surveillance ...

Infosecurity.US

PolarProxy Released

Erik Hjelmvik | June 21, 2019 | DNS over HTTPS, DNS-over-TLS, DoH, DoT, HTTP/2, http2, ids, IMAPS, NIDS, pcap, PolarProxy, POP3S, SMTPS, ssl, SSLKEYLOGFILE, tcpreplay, TLS, Wireshark

I'm very proud to announce the release of PolarProxy today! PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic while also generating a PCAP file containing the decrypted traffic ...

NETRESEC Network Security Blog

DoH

DNS over TLS and DNS over HTTPS

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

Sharing a PCAP with Decrypted HTTPS

NetworkMiner 2.5 Released

DOH: DNS Over HTTPS

PolarProxy Released

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Prevent Catastrophic Data Loss in the Cloud

CISO Roundtable: What We’ve Heard, and What We’re Looking Forward To