Seth Grover<p>I'm on cloud nine since the v24.06.0 release of <a href="https://malcolm.fyi/" rel="nofollow noopener noreferrer" target="_blank">Malcolm</a>, bringing you (who could have imagined?!?) new features, improvements, component version updates, and a few bug fixes. Please see the <a href="https://github.com/idaholab/Malcolm/releases/tag/v24.06.0" rel="nofollow noopener noreferrer" target="_blank">release notes</a>, particularly if you've been using NetBox, as an update to that tool brings some backwards-compatibility-breaking changes (sorry 😢).</p><ul><li>Features and enhancements<ul><li>Support for multiple NetBox sites (<a href="https://github.com/idaholab/Malcolm/issues/449" rel="nofollow noopener noreferrer" target="_blank">issue #449</a>)<ul><li>Malcolm now supports enrichment from a NetBox inventory for <a href="https://malcolm.fyi/docs/asset-interaction-analysis.html#AssetInteractionAnalysis" rel="nofollow noopener noreferrer" target="_blank">asset interaction analysis</a> across multiple <a href="https://demo.netbox.dev/static/docs/core-functionality/sites-and-racks/" rel="nofollow noopener noreferrer" target="_blank">sites</a>. 
The NetBox site can be specified for uploaded PCAP, for a Hedgehog Linux sensor, and for Malcolm live capture.</li></ul></li><li><a href="https://github.com/FoxIO-LLC/ja4" rel="nofollow noopener noreferrer" target="_blank">JA4+</a> replaces the JA3 TLS fingerprinting standard from 2017 (see also this <a href="https://blog.foxio.io/ja4%2B-network-fingerprinting" rel="nofollow noopener noreferrer" target="_blank">blog post</a>) (<a href="https://github.com/idaholab/Malcolm/issues/419" rel="nofollow noopener noreferrer" target="_blank">issue #419</a>)</li><li>Support uploading Windows Event Log <a href="https://github.com/omerbenamram/evtx" rel="nofollow noopener noreferrer" target="_blank">evtx</a> files (<a href="https://github.com/idaholab/Malcolm/issues/465" rel="nofollow noopener noreferrer" target="_blank">issue #465</a>) and update associated dashboard</li><li><a href="https://malcolm.fyi/docs/contributing-github-runners.html#GitHubRunners" rel="nofollow noopener noreferrer" target="_blank">Document using GitHub runners</a> to build Malcolm images (for contributors' guide, <a href="https://github.com/idaholab/Malcolm/issues/491" rel="nofollow noopener noreferrer" target="_blank">issue #491</a>)</li><li>Generate new forwarder SSL keys on-the-fly when transferring between Malcolm and Hedgehog Linux (<a href="https://github.com/idaholab/Malcolm/issues/492" rel="nofollow noopener noreferrer" target="_blank">issue #492</a>)</li><li>Incorporate <a href="https://github.com/cisagov/acid" rel="nofollow noopener noreferrer" target="_blank">ATT&CK-based Control-system Indicator Detection for Zeek (ACID)</a> (<a href="https://github.com/idaholab/Malcolm/issues/489" rel="nofollow noopener noreferrer" target="_blank">issue #489</a>), a collection of Operational Technology (OT) protocol indicators developed to alert on specific <a href="https://attack.mitre.org/matrices/ics/" rel="nofollow noopener noreferrer" target="_blank">ATT&CK for ICS</a> behaviors</li><li>Add platform 
architecture and machine boot time to <a href="https://malcolm.fyi/docs/api-version.html" rel="nofollow noopener noreferrer" target="_blank">Malcolm version API</a></li><li>Add links to the navigation pane of most dashboards to "other" dashboards for non-network log data (e.g., resource monitoring, Windows Event logs, etc.)</li></ul></li><li>Component version updates<ul><li>NetBox to <a href="https://github.com/netbox-community/netbox/releases" rel="nofollow noopener noreferrer" target="_blank">v4.0.6</a> (from v3.6.7, <a href="https://github.com/idaholab/Malcolm/issues/385" rel="nofollow noopener noreferrer" target="_blank">issue #385</a>)</li><li>OpenSearch and OpenSearch Dashboards to <a href="https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.15.0.md" rel="nofollow noopener noreferrer" target="_blank">v2.15.0</a></li><li>and <a href="https://github.com/idaholab/Malcolm/releases/tag/v24.06.0" rel="nofollow noopener noreferrer" target="_blank">lots more</a>...</li></ul></li><li>Bug fixes<ul><li>Arkime viewer not rolling PCAPs (<a href="https://github.com/idaholab/Malcolm/issues/484" rel="nofollow noopener noreferrer" target="_blank">issue #484</a>)</li><li><a href="https://github.com/idaholab/Malcolm/blob/280173f01be4c4942efbcfa03bcc20e8f43cb12c/.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml#L53-L76" rel="nofollow noopener noreferrer" target="_blank">Free up space</a> in GitHub runner environment building ISO images to avoid build errors due to exhausted disk space</li></ul></li></ul><p>New to Malcolm? Grab some popcorn and watch <a href="https://www.youtube.com/playlist?list=PLJg-83nW7AjOcSEiVMc4mODs4LzfVAwwN" rel="nofollow noopener noreferrer" target="_blank">these overview videos</a> to give you an idea of what it's about. 
See the <a href="https://malcolm.fyi/docs/quickstart.html" rel="nofollow noopener noreferrer" target="_blank">quick start guide</a> to learn how to install Malcolm, or check out these tutorial videos for <a href="https://www.youtube.com/watch?v=pQo4fyWB5xo&list=PLJg-83nW7AjPV-B_Lv71uQpDAYwphc5p9&index=2" rel="nofollow noopener noreferrer" target="_blank">installing using Docker</a> or from the <a href="https://www.youtube.com/watch?v=7-x6IMy1GkQ&list=PLJg-83nW7AjPV-B_Lv71uQpDAYwphc5p9&index=1" rel="nofollow noopener noreferrer" target="_blank">official ISO installer images</a> for Malcolm and Hedgehog Linux, which can be downloaded from Malcolm's <a href="https://github.com/idaholab/Malcolm/releases" rel="nofollow noopener noreferrer" target="_blank">releases page</a> on GitHub.</p><p><a href="https://infosec.exchange/tags/Malcolm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malcolm</span></a> <a href="https://infosec.exchange/tags/HedgehogLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HedgehogLinux</span></a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zeek</span></a> <a href="https://infosec.exchange/tags/Arkime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Arkime</span></a> <a href="https://infosec.exchange/tags/NetBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBox</span></a> <a href="https://infosec.exchange/tags/OpenSearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSearch</span></a> <a href="https://infosec.exchange/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Elasticsearch</span></a> <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Suricata</span></a> <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PCAP</span></a> <a href="https://infosec.exchange/tags/NetworkTrafficAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkTrafficAnalysis</span></a> <a href="https://infosec.exchange/tags/networksecuritymonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networksecuritymonitoring</span></a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyber</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/INL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>INL</span></a> <a href="https://infosec.exchange/tags/DHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DHS</span></a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/CISAgov" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>CISAgov</span></a> <a href="https://infosec.exchange/tags/ja4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ja4</span></a></p>