This one is a little complex as we'd need to set up servers and negotiate TLS in a particular way to generate JA3 (client) and JA3S (server) fingerprints that are known bad. I'll need to double-check on the certificate side of things, but we won't have the private keys, so that might not work.
We should roll this into the c2 module with synthetic bad JA3 client fingerprints to a server we control that talks TLS (e.g. tls.sandbox.alphasoc.xyz) and we could even reply with a known bad JA3S server fingerprint, but that's not absolutely necessary (i.e. if it's a pain to implement).
chrisforce1 changed the title from "Generate malicious TLS traffic" to "Extend c2 module to generate malicious JA3 fingerprints" on Jun 8, 2020
Worth adding a simulator for malicious TLS traffic, i.e. having known bad JA3 or certificate hashes.
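For the detection side of the JA3 fingerprints discussed in this issue, an added example (not part of the original thread or the project's code) showing how a JA3 client fingerprint is derived from ClientHello fields and matched against a blocklist. The `ClientHello` struct, the function names, the sample values and the blocklist are assumptions constructed for illustration.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// ClientHello holds the fields JA3 reads from a parsed TLS ClientHello, in wire order.
// (Hypothetical type; point formats are widened to uint16 to share one helper.)
type ClientHello struct {
	Version                                   uint16
	Ciphers, Extensions, Curves, PointFormats []uint16
}

// isGREASE reports RFC 8701 placeholder values (0x0a0a ... 0xfafa), which JA3 skips.
func isGREASE(v uint16) bool { return v&0x0f0f == 0x0a0a && v>>8 == v&0xff }

// join renders one field as dash-separated decimals, dropping GREASE values.
func join(vals []uint16) string {
	out := []string{}
	for _, v := range vals {
		if !isGREASE(v) {
			out = append(out, strconv.Itoa(int(v)))
		}
	}
	return strings.Join(out, "-")
}

// JA3String builds "version,ciphers,extensions,curves,point_formats".
func JA3String(h ClientHello) string {
	return fmt.Sprintf("%d,%s,%s,%s,%s", h.Version, join(h.Ciphers),
		join(h.Extensions), join(h.Curves), join(h.PointFormats))
}

// JA3Hash is the hex-encoded MD5 of the JA3 string.
func JA3Hash(h ClientHello) string {
	sum := md5.Sum([]byte(JA3String(h)))
	return hex.EncodeToString(sum[:])
}

// KnownBad reports whether the hello's JA3 hash appears on the blocklist.
func KnownBad(h ClientHello, blocklist map[string]bool) bool { return blocklist[JA3Hash(h)] }

// sampleHello is a constructed ClientHello, not a real malware profile.
func sampleHello() ClientHello {
	return ClientHello{769, []uint16{0x0a0a, 47, 53}, []uint16{0, 10, 11}, []uint16{23, 24, 25}, []uint16{0}}
}

func main() {
	bad := map[string]bool{JA3Hash(sampleHello()): true} // constructed stand-in for a threat feed
	fmt.Println(JA3String(sampleHello()), KnownBad(sampleHello(), bad))
}
```

Because the hash covers cipher and extension order, a simulator only triggers a JA3 detection if it reproduces the listed ClientHello field for field; any reordering yields a different fingerprint.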