The use of TLS encryption has greatly improved our privacy on the Internet. Unfortunately, malware has also benefited from the “HTTPS is the new TCP” trend we’ve been seeing for the past few years. Botnets, trojans and APT groups now leverage TLS encryption to avoid network-based detection. In this talk, Erik will perform live TLS interception and decryption to show how defenders can analyze otherwise encrypted communications in real time.
Tools used: PolarProxy, Wireshark and NetworkMiner