An Untrustworthy TLS Certificate in Browsers

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to ...
CapLoader 1.9.4 Released

A new version of our advanced PCAP filtering tool CapLoader was released today. The new CapLoader 1.9.4 release includes features like JA3 hash extraction from TLS traffic and a fantastic thing called ...
Russia Force-Feeds new, ‘Trusted’ CA—Yeah, RIGHT

Websites in Russia can’t renew their TLS/HTTPS certs. Moscow’s solution is to create a new certificate authority. But the man-in-the-middle threat should be obvious ...
Security Boulevard
PolarProxy in Windows Sandbox

In this video I demonstrate how PolarProxy can be run in a Windows Sandbox to intercept and decrypt outgoing TLS communication. This setup can be used to inspect otherwise encrypted traffic from ...
PolarProxy 0.9 Released

PolarProxy was previously designed to only run as a transparent TLS proxy. But due to popular demand we've now extended PolarProxy to also include a SOCKS proxy and an HTTP CONNECT proxy ...
Best of 2021 - Chrome to Enforce HTTPS Web Protocol (Like It or Not)

What a difference an ‘s’ makes. This seemingly unimportant change could have a big—if unseen—impact ...
Security Boulevard

Packet Captures in the Age of TLS

Tags: akime, fpc, Moloch, Packet Capture, TLS

Ten to fifteen years ago, a company having FPC (full packet capture) was an indicator of the seriousness of the company's information security efforts. Having trained analysts that could use those packets ...

It’s Always DNS – But Not in the Way You May Think

A popular joke among technologists says that it’s always DNS, even when it initially didn’t seem that way. DNS issues come in many shapes and forms, including some often-overlooked security issues. DNS ...
Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example

Ben Reardon – Corelight Labs Researcher

The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software ...
Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again

The Kazakh government is forcing its citizens to install a spyware root certificate, allowing authorities to crack open TLS traffic, such as HTTPS ...
Security Boulevard