One of the best ways to learn how to protect against malware is to learn how to detect malware traffic. To this end, we are constantly searching the Internet for as many types of malware pcaps as we can find.
This blog focuses on fake SSL sessions: the TCP session starts with what looks like an SSL handshake, but the handshake is never actually carried out.
We will also show how to detect this type of fake SSL using powerful yet flexible pcap analytics.
Join me in this deep dive...
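As an added illustration (not code from this blog or from any particular pcap tool), the Python below shows one way to turn "starts like an SSL handshake but never completes it" into a check. It assumes each direction's TCP payload has already been reassembled, and it treats a session as genuine only if a well-formed ClientHello is answered by a ServerHello or a TLS alert; all function names and sample bytes are hypothetical.

```python
# Added example: function names are hypothetical, sample bytes are constructed.
import struct

HANDSHAKE, ALERT = 22, 21
CLIENT_HELLO, SERVER_HELLO = 1, 2
MAX_RECORD = 16384 + 2048  # largest record length TLS 1.2 allows

def first_record(stream: bytes):
    """Return (content_type, payload) of the first TLS record, or None if malformed."""
    if len(stream) < 5:
        return None
    ctype, major, minor, length = struct.unpack_from("!BBBH", stream)
    ok_header = ctype in (20, 21, 22, 23) and major == 3 and minor <= 4
    if not ok_header or not 0 < length <= MAX_RECORD or len(stream) < 5 + length:
        return None
    return ctype, stream[5:5 + length]

def handshake_type(stream: bytes):
    """Handshake message type of the first record, or None if it is not a sane handshake."""
    rec = first_record(stream)
    if rec is None or rec[0] != HANDSHAKE or len(rec[1]) < 4:
        return None
    # The 3-byte handshake length must fit inside the record that carries it
    # (assumption: the hello message is not fragmented across records).
    if int.from_bytes(rec[1][1:4], "big") > len(rec[1]) - 4:
        return None
    return rec[1][0]

def classify(client: bytes, server: bytes) -> str:
    """Label one TCP session from its reassembled per-direction payload."""
    if client[:2] != b"\x16\x03":
        return "not-tls"
    if handshake_type(client) != CLIENT_HELLO:
        return "fake-tls: malformed ClientHello"
    rec = first_record(server)
    if rec and rec[0] == ALERT:
        return "tls: handshake rejected by server"
    if handshake_type(server) != SERVER_HELLO:
        return "fake-tls: no ServerHello"
    return "tls"

def make_record(ctype, payload):  # builders for the constructed samples below
    return struct.pack("!BBBH", ctype, 3, 3, len(payload)) + payload
def make_hello(htype, body):
    return make_record(HANDSHAKE, bytes([htype]) + len(body).to_bytes(3, "big") + body)

SAMPLES = {  # constructed sessions, not taken from any capture
    "real": (make_hello(1, b"\x03\x03" + bytes(40)), make_hello(2, b"\x03\x03" + bytes(40))),
    "fake": (b"\x16\x03\x01\x02\x00" + b"A" * 20, b"OK\r\n"),
}
```

A capture truncated by a short snap length will also fail the record-length check, so confirm the full payload was captured before treating a "fake-tls" label as a finding.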