TLS Interception Archives

Erik presenting PolarProxy at CS3Sthlm, photo credit: CS3Sthlm

Sharing a PCAP with Decrypted HTTPS

Erik Hjelmvik | January 13, 2020 | CS3, CS3Sthlm, decrypt, DoH, forensics, google, HTTP/2, http2, HTTPS, NetworkMiner, Pastebin, pcap, PolarProxy, TLS, TLS Inspection, TLS Interception, TLSI, Twitter, video, Wireshark

Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...

NETRESEC Network Security Blog

The NSA HSTS Security Feature Mystery

Erik Hjelmvik | November 26, 2019 | break, HSTS, inspect, kryptera.se, NetworkMiner, nsa, PolarProxy, RFC6797, RFC8471, RFC8473, TLS, TLS Inspection, TLS Interception, TLSI, Wireshark

I recently stumbled across an NSA Cyber Advisory titled Managing Risk from Transport Layer Security Inspection (U/OO/212028-19) after first learning about it through Jonas Lejon's blog post NSA varnar för TLS-inspektion (Swedish) ...

NETRESEC Network Security Blog