Overview
This course teaches learners how to detect traffic anomalies using SSL certificates through methods such as adding metadata to SSL logs, using Python scripts, and conducting live demos. The teaching method includes a combination of theoretical explanations, practical demonstrations, and visualizations. The course is intended for network analysts and individuals interested in cybersecurity.
Syllabus
Introduction
Two methods of detection
Adding metadata to SSL logs
Python script
Live demo
Exiting the viewer
Dashboard
Visualizations
J3 Description
J3 Unknown
PowerShell Bits
Metasploit
Source destination
Clientside hash
Traditional SSL log
System on Data
Bro Notice
Country Codes
UID
Intel
Source
Network analyst
Questions
Taught by
Security Onion