Discovered Artifacts in Decrypted HTTPS

We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...

Reverse Proxy and TLS Termination

PolarProxy is primarily a TLS forward proxy, but it can also be used as a TLS termination proxy or reverse TLS proxy to intercept and decrypt incoming TLS traffic, such as HTTPS ...

IoT Device Attacks, FCC Fines Mobile Carriers, Let’s Encrypt Certificate Bug

In episode 111 for March 9th 2020: A new report shows that attacks on Internet of Things devices are on the rise, the FCC fines major mobile carriers for selling users’ location ...

Apple Harshes Cumulative Mellow: Enforces Unilateral TLS Certificate 13 Month Time Limit In Safari Web Browser

Is it possible this is just an effort at redirection? Maybe (OK, it's a thin argument I'll admit, but stick around, it may prove to be interesting or funny or maybe both) ...

Forgot to Renew Your TLS Certificate, Microsoft?

Microsoft Teams went dark for seven hours yesterday. It turns out the Teams team forgot to renew a TLS certificate ...

Update Your Browser to Support TLS 1.2 and WPA2-Enterprise

Organizations should be aware of an important update to TLS. TLS 1.2 is the most recent update that builds on top of TLS 1.0 and TLS 1.1 to increase network security. Updating ...

Sniffing Decrypted TLS Traffic with Security Onion

Wouldn't it be awesome to have a NIDS like Snort, Suricata or Zeek inspect HTTP requests leaving your network inside TLS encrypted HTTPS traffic? Yeah, we think so too! We have therefore ...
Erik presenting PolarProxy at CS3Sthlm, photo credit: CS3Sthlm

Sharing a PCAP with Decrypted HTTPS

Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...

Installing a Fake Internet with INetSim and PolarProxy

This is a tutorial on how to set up an environment for dynamic malware analysis, which can be used to analyze otherwise encrypted HTTPS and SMTPS traffic without allowing the malware to ...

The NSA HSTS Security Feature Mystery

I recently stumbled across an NSA Cyber Advisory titled Managing Risk from Transport Layer Security Inspection (U/OO/212028-19) after first learning about it through Jonas Lejon's blog post NSA varnar för TLS-inspektion (Swedish) ...