SquareLemon Blog

SecTor 2016 Presentation

A week ago I gave my talk “[Ab]Using TLS for Defensive Wins” at SecTor 2016. Here is my little blurb: TLS, and its older forerunner SSL, are used to maintain the confidentiality and integrity of network communications. This is a double-edged sword for Information Security departments, as it allows private information to remain private but can also be used to hide malicious activity. Current defensive measures for dealing with network traffic encrypted using TLS typically take one of two forms: attempting to detect malicious activities via other means which are outside of the encrypted session, such as endpoint security tools and IP address blacklists. [Read More]

FingerPrinTLS Example Use Cases

I have unbroken my blog, so in preparation for BlackHat Arsenal I have written up a few use cases for FingerPrinTLS. The specific examples I have given are: Supplementing IDS; Malware hunting and enhancing ThreatIntel (sorry!) Feeds; Protecting API endpoints and Web Servers; and Canaries for Unicorns. Enjoy! [Read More]

things are coming...

I realise that I have not posted for a while, so I just wanted to drop a quick mini-post’ette to say that I have been working hard on a number of things to do with my TLS Fingerprinting side project. If you keep track of my GitHub page you’ll probably see the fruits of my labour first. I’m planning on creating a number of posts on using the FingerPrinTLS tool once I have a few more key items in. [Read More]

tls fingerprinting resources

Today I gave my talk at DerbyCon, “Stealthier Attacks & Smarter Defending with TLS Fingerprinting”. The links to all the resources are: Paper / Post giving a technical overview of the fingerprinting technique discussed. Slides from the talk, which probably don’t make much sense without the talk. Tools discussed during the talk. Don’t forget to join in the conversation on Twitter too, either to my account or the FingerprinTLS account. [Read More]

Yes, I've been quiet

I haven’t posted for a while, largely because I have been working on some research that I have been doing, and am presenting at both SecTor in a few weeks, and DerbyCon tomorrow. I will be releasing some materials relating to this talk so that people who are not in attendance can obtain the information without having to listen to me on a recording, so if you are interested in TLS Fingerprinting, keep an eye out tomorrow as I will be publishing a longer than normal post with some of the technical details and tools. [Read More]

mitm the mitmers

Last week I mentioned that James Arlen and I gave the closing keynote at SCCongress Toronto. We had planned to do a live demo as part of the talk, but after reaching the venue and connecting to the wifi we found that it would not work as planned, specifically because the venue wifi was “correcting” my tampering of the DNS on the demo victim; it was still visiting the real website. [Read More]

sc congress toronto

Yesterday James Arlen and I gave the closing Keynote at SC Congress Toronto. If you would like to see the slides, we have made them available on slideshare: And the pre-recorded demo is available here (the live demo was, unfortunately, not recorded): [Read More]

bsides toronto 2015 is coming...

Returning for its third year, BSides Toronto has just been announced for 7th November 2015 and the CFP has opened, so if you want to speak get your submission in! (details on the BSidesTO website). Keep an eye on Twitter too for announcements when registration opens, speakers are announced, etc. I won’t be speaking this year because I have the pleasure of taking one of the spots as an organiser. [Read More]

stealthier attacks and smarter defending with tls fingerprinting

I am really pleased to announce that I have decided to try my hand at talking at conferences again this year and have a new talk ready, “Stealthier Attacks and Smarter Defending with TLS Fingerprinting”. Despite being a talk on TLS (and SSL) there isn’t any complex crypto or mathematics; this is aimed at defenders and attackers rather than cryptographers. Here’s the abstract: Ever been busted because your man-in-the-middle software (which does TLS properly) alerted someone to your bad certificate? [Read More]

mitm in telecoms networks i told you so ... sort of

For anyone that has read this blog before, you will probably know that at the end of 2014 I gave my “Corporation in The Middle” talk at both SecTor and BSides Toronto. In short, my ISP (Rogers) used a platform to Man (Corporation) in The Middle my and every other customer’s connection in order to insert notification banners at the top of pages in certain circumstances, such as approaching your bandwidth cap. [Read More]
