Hunting SSL/TLS clients using JA3, (Fri, Aug 10th)


#1

JA3 is a method to profile the way server and clients do their SSL/ TLS handshake. It has been created by Salesforce engineers, John B. Althouse, Jeff Atkinson and Josh Atkins. Many servers and clients use different tls configurations, making this a good way of identifying applications, libraries and their corresponding versions. Each tls configuration uses its own set of ciphers, extensions and elliptic curves. 

Article Link: https://isc.sans.edu/diary/rss/23972