HTTPS

Google is set to make significant changes to the Google Chrome browser that would eventually lead to entirely blocking the download of files from HTTP (unencrypted) sources, starting with Chrome 83. The ...

Wouldn't it be awesome to have a NIDS like Snort, Suricata or Zeek inspect HTTP requests leaving your network inside TLS encrypted HTTPS traffic? Yeah, we think so too! We have therefore ...

Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...

As stewards of Maven Central, Sonatype is responsible for hosting and transmitting a disproportionately high volume of the Java ecosystem’s open-source components. In the month of November 2019 alone, total requests to ...

This is a tutorial on how to set up an environment for dynamic malware analysis, which can be used to analyze otherwise encrypted HTTPS and SMTPS traffic without allowing the malware to ...

This week, APWG released its findings from Q3 that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show ...

I am happy to announce the release of NetworkMiner 2.5 today! This new version includes new features like JA3 and parsers for the HTTP/2 and DoH protocols. We have also added support ...

You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology…with your host, Tom Eston. In episode 89 for October 7th 2019: Microsoft’s new OneDrive personal ...

This is a how-to guide for setting up a Raspberry Pi as a WiFi Access Point, which acts as a transparent TLS proxy and saves the decrypted traffic in PCAP files. Image: ...

This week APWG released its findings from Q2 of this year that compiles insights from their member companies and provides an analysis of how phishing is changing. This quarter's report shows that ...