Common SSL/TLS Decryption Techniques

Sunday, June 17, 2018

IntroductionThe following article cover a few common SSL/TLS decryption techniques. Please note that the article assumes that the attacker doesn’t have a pre-access to the digital certificate private key or the encryption keys.Attack Vectors1. Stealing the digital certificate private key and/or the SSL/TLS session key. A physical access, trojan horse or other client-side attack techniques can be used to accomplish this task. After it, the attacker can use sniffer or another tool, to copy the network traffic to a local or remote store, and then decrypt it. Please note the limitations of this technique while the SSL/TLS is based...

Moving Target Defense (MTD) Definition

Friday, April 6, 2018

Moving Target Defense (MTD) or Moving Target Cyber Defense definition;Option 1:“Techniques aimed at continuously changing a system’s attack surface, usually referred to as Moving Target Defense (MTD), are emerging as powerful tools for thwarting cyber attacks. Such mechanisms increase the uncertainty, complexity, and cost for attackers, limit the exposure of vulnerabilities, and ultimately increase overall resiliency. “Source: A Multi-Layer Moving Target Defense Approach for Protecting Resource-Constrained Distributed Devices, V. Casola, A. De Benedictis and M.Albanes, Springer,  February 18, 2014Option 2:“Moving Target Defense (MTD) is the concept of controlling change across multiple system dimensions in order to increase uncertainty and...