Advanced HTTP and TLS Concepts (Video)

Written by Admin | Sep 8, 2023 4:00:00 AM
This video covers many topics related to HTTP and TLS investigation, particularly with regard to NetWitness metadata and Wireshark fields. During an investigation, it’s important to have as much context as possible around typical behavior and around false positive or false negative scenarios. This is especially true in use case development, to ensure that coverage is maximized and that blind spots are minimized and understood.

Timestamps

  • HTTP Basics: 01:06
  • Investigation Mindset: 05:53
  • RFC Violations: 08:08
  • Unusual Behavior: 19:21
  • HTTPS: 25:10
  • HTTPS Meta: 29:06
  • Future Developments: 33:10
  • HTTP Versions: 41:09
  • Summary: 47:08

| Time | Link | Description |
|-------|------|-------------|
| 1:14 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP | Mozilla - Basics of HTTP |
| 1:14 | https://unit42.paloaltonetworks.com/tag/wireshark/ | Unit 42 - Wireshark Tutorials |
| 1:14 | https://portswigger.net/web-security | PortSwigger - Web Security Academy |
| 5:14 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Resources_and_specifications | HTTP RFC Information |
| 26:40 | https://github.com/corelight/community-id-spec | Corelight - Community ID |
| 33:46 | https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/ | Cloudflare - What Happens in a TLS Handshake |
| 36:36 | https://blog.cloudflare.com/encrypted-client-hello/ | Cloudflare - Encrypted Client Hello |
| 49:03 | https://community.netwitness.com/t5/netwitness-community-blog/bg-p/netwitness-blog | NetWitness - Community Blogs |
| 49:03 | https://unit42.paloaltonetworks.com/ | Palo Alto Unit 42 |
| 49:03 | https://blog.securityonion.net/ | Security Onion Blog |
| 49:03 | https://portswigger.net/daily-swig | PortSwigger News (inactive but a good reference) |
| 49:03 | https://blog.talosintelligence.com/ | Cisco Talos Blog |

Reuploaded 3/14/2024 to make minor corrections.