TLS fingerprinting (JA3/JA3S) for encrypted channel detection (M8)

Milestone M8: TLS client/server fingerprinting for encrypted C2 and evasion techniques.

- Implement JA3/JA3S fingerprinting in XDP Go user space.
- Detect known malicious client fingerprints for MITRE ATT&CK T1071.001 (HTTPS), T1573 (encrypted channel).
- Document limitations (e.g., no decryption, only handshake metadata).

References:
- MITRE ATT&CK: https://attack.mitre.org/techniques/T1071/001/, https://attack.mitre.org/techniques/T1573/
- TLS fingerprinting: https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TLS fingerprinting (JA3/JA3S) for encrypted channel detection (M8) #6

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

TLS fingerprinting (JA3/JA3S) for encrypted channel detection (M8) #6

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions