This video covers many topics related to HTTP and TLS investigation, particularly with regard to NetWitness metadata and Wireshark fields. During an investigation it's important to have as much context as possible around typical behavior and around false positive or false negative scenarios. This is especially true in use case development, to ensure that coverage is maximized and that blind spots are minimized and understood.
Timestamps
| Time | Link | Description |
| --- | --- | --- |
| 1:14 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP | Mozilla- Basics of HTTP |
| 1:14 | Unit 42- Wireshark Tutorials | |
| 1:14 | PortSwigger- Web Security Academy | |
| 5:14 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Resources_and_specifications | HTTP RFC Information |
| 26:40 | Corelight- Community ID | |
| 33:46 | https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/ | Cloudflare- What Happens in a TLS Handshake |
| 36:36 | Cloudflare- Encrypted Client Hello | |
| 49:03 | https://community.netwitness.com/t5/netwitness-community-blog/bg-p/netwitness-blog | NetWitness- Community Blogs |
| 49:03 | Palo Alto Unit 42 | |
| 49:03 | Security Onion Blog | |
| 49:03 | Port Swigger News (inactive but a good reference) | |
| 49:03 | Cisco Talos Blog | |
Reuploaded 3/14/2024 to make minor corrections.