Packets or it didn't happen!
  • More About DNS over HTTPS Traffic Analysis - Dr. J
    Two days ago, I wrote about how to profile traffic to recognize DNS over HTTPS. This is kind of a problem for DNS over HTTPS. If you can see it, you may be able to block it. On Twitter, a few chimed in to provide feedback about recognizing DNS over HTTPS. I checked a couple […]
  • Profiling TLS Traffic to Identify DNS over HTTPS - Dr. J
    Whenever I talk about DNS over HTTPS (DoH), the question comes up if it is possible to fingerprint DoH traffic without decrypting it. The idea is that something about DoH packets is different enough to identify them. This evening after recording my podcast, I experimented a bit with this idea to see what could be […]
  • When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15. - Dr. J
    This is continuing a post from April about network traffic from Windows 10. When dealing with network traffic, it is always good to know what is normal. As part of this series, I will investigate the first few minutes of network traffic from current operating systems. With macOS 10.15 Catalina just being released, I figured […]
  • The Weekly Zeek: DNS Cache Poisoning detection - Andy
    Recently in class, we were discussing detection strategies for DNS cache poisoning attacks. One of the ideas was to look for duplicate DNS replies to the same request. This would be pretty difficult with signature detection tools and flow data wouldn’t have enough details. Zeek would be perfect for this type of detection. Let’s write […]
  • The Weekly Zeek: Events, not packets - Andy
    One of the Zeek concepts we discuss in SEC503: Intrusion Detection In-Depth is how scripts are reacting to events, not necessarily packets. Yes, Zeek processes packets and scripts can be written to react to individual packet characteristics but this is through exposed events. A single packet may trigger one event but, more than likely, it […]

Upcoming Events

Apr 5, 2020 - Apr 10, 2020
Virtual - US Eastern
Apr 20, 2020 - Apr 25, 2020
Virtual - British Summer Time
Apr 27, 2020 - May 2, 2020
Virtual - US Eastern
May 11, 2020 - May 16, 2020
Virtual - US Mountain
Jun 8, 2020 - Jun 13, 2020
Staff
Las Vegas, NV
Jun 15, 2020 - Jun 20, 2020
Washington, DC
Jul 6, 2020 - Jul 11, 2020
Munich, Germany
Jul 6, 2020 - Jul 11, 2020
Arlington, VA
Jul 20, 2020 - Jul 25, 2020
Denver, CO
Jul 20, 2020 - Jul 25, 2020
Columbia, MD
Aug 17, 2020 - Aug 22, 2020
Amsterdam, Netherlands
Aug 17, 2020 - Aug 22, 2020
Melbourne, Australia
Aug 30, 2020 - Sep 4, 2020
Staff
Virginia Beach, VA
Aug 30, 2020 - Sep 4, 2020
New York City, NY
Sep 7, 2020 - Sep 12, 2020
London, United Kingdom
Sep 14, 2020 - Sep 19, 2020
Munich, Germany
Sep 20, 2020 - Sep 25, 2020
Las Vegas, NV
Oct 12, 2020 - Oct 17, 2020
Staff
Orlando, FL
May 28, 2020 - Jul 6, 2020
Online
Aug 10, 2020 - Sep 16, 2020
Online
Jun 15, 2020 - Jun 20, 2020
Online
Jul 20, 2020 - Jul 25, 2020
Online