Packet Tuesday - TLS Server Hello

Channel:

Subscribers:

23,600

Published on December 20, 2022 2:32:05 PM ● Video Link: https://www.youtube.com/watch?v=2HymU4dxWEQ

Duration: 17:44

1,171 views

Following up on the TLS Client Hello in Episode 4 (https://youtu.be/9LJhMG1TrbA), this episode covers the
TLS Server Hello message as well as how to acquire encrypted traffic.

Notes:
SEC503 Network Monitoring and Threat Detection In-Depth: https://www.sans.org/u/1obN

RFCs:
TLS 1.2: https://www.rfc-editor.org/rfc/rfc5246.html
TLS 1.3: https://www.rfc-editor.org/rfc/rfc8446.html
Extended Master Secret: https://www.rfc-editor.org/rfc/rfc7627
Aplication Layer Protocol Settings: https://datatracker.ietf.org/doc/html/draft-vvv-tls-alps-01

Packet: https://packettuesday.com/pcaps/tlsserverhello.pcap

also see https://packettuesday.com/pcaps/sslkeylog.txt for the master keys

Other Videos By SANS Cyber Defense

2023-05-08	Fundamentals: 11 Strategies of a World-Class SOC \| SANS Blueprint Podcast Season 4 Intro
2023-04-06	The New OSINT Cheat Code: ChatGPT
2023-02-07	Packet Tuesday - Most Frequent DNS Query ID
2023-01-31	Packet Tuesday - Large ICMP Errors
2023-01-26	AI, Data Science, and Machine Learning Training for Cybersecurity Professionals with SANS SEC595
2023-01-24	Packet Tuesday - IPv6 Neighbor Discovery
2023-01-17	Packet Tuesday - IPv6 Router Advertisements
2023-01-11	Network Monitoring Training with SEC503 Network Monitoring and Threat Detection In-Depth
2023-01-10	Packet Tuesday - NTP
2023-01-03	Packet Tuesday - IP Options
2022-12-20	Packet Tuesday - TLS Server Hello
2022-12-13	Packet Tuesday - FreeBSD Ping Vulnerability
2022-12-08	Baby Steps to the Future: Evolving into the Next-Gen SOC
2022-12-07	Don't Relay Me: Empirically Diagnose Privilege Escalation via Active Directory Account Sighting
2022-12-06	Packet Tuesday - TLS Client Hello
2022-12-05	IR Prep and Detection Engineering When the Cloud is Your Data Center
2022-12-02	Prioritizing Defensive Capabilities
2022-12-01	Once Upon a Login: How Logon Sessions Help Defenders See the Bigger Picture
2022-11-30	Designing Security from the Ground Up
2022-11-29	Packet Tuesday - TCP Urgent Flag
2022-11-28	A Deep Dive into AWS IAM Privilege Escalation Attacks: Defenders’ Edition 2022

Tags:

cyber defense

cyber defenders

tls server

tls

packet tuesday

packet analysis

traffic analysis

network analysis

network traffic analysis

johannes ullrich

sans sec503

network monitoring

threat detection

sec503 network monitoring and threat detection

network monitoring course

network monitoring training

threat detection course

threat detection training

network monitoring training course

threat detection training course

packet capture