
Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection


A JA3 hash represents the fingerprint of an SSL/TLS client application as detected via a network sensor or device, such as Bro or Suricata. This allows for simple and effective detection of client applications such as Chrome running on OSX (JA3=94c485bca29d5392be53f2b8cf7f4304) or the Dyre malware family running on Windows (JA3=b386946a5a44d1ddcc843bc75336dfce) or Metasploit’s Meterpreter running on Linux (JA3=5d65ea3fb1d4aa7d826733d2f2cbbb1d). JA3 allows analysts to detect these applications, malware families, and pen testing tools, regardless of their destination, Command and Control (C2) IPs, or SSL certificates.

Learn more about how it works by reading John Althouse’s post.
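As an added illustration (not code from the original post or from the JA3 project), the Python below builds a JA3 fingerprint from already-parsed ClientHello fields, following the published JA3 definition, and matches sensor records against the three hashes quoted above. The record layout, field names and IP addresses are constructed for the example.

```python
import hashlib

# GREASE values (RFC 8701) vary between connections; JA3 ignores them.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}

# The three hashes quoted in the article, with the labels it gives them.
WATCHLIST = {
    "94c485bca29d5392be53f2b8cf7f4304": "Chrome on OSX",
    "b386946a5a44d1ddcc843bc75336dfce": "Dyre malware family on Windows",
    "5d65ea3fb1d4aa7d826733d2f2cbbb1d": "Metasploit Meterpreter on Linux",
}

def ja3_string(version, ciphers, extensions, curves, point_formats):
    """JA3 input: five ClientHello fields as decimals, ',' between fields."""
    def join(values, drop_grease=True):
        return "-".join(str(v) for v in values
                        if not (drop_grease and v in GREASE))
    return ",".join([str(version), join(ciphers), join(extensions),
                     join(curves), join(point_formats, drop_grease=False)])

def ja3_hash(*fields):
    """MD5 of the JA3 string, as 32 hex characters."""
    return hashlib.md5(ja3_string(*fields).encode("ascii")).hexdigest()

def triage(records):
    """Return (src, dst, label) for every record whose JA3 is watchlisted."""
    hits = []
    for rec in records:
        # Sensors usually log the hash; otherwise derive it from the hello.
        digest = rec.get("ja3") or ja3_hash(*rec["hello"])
        if digest in WATCHLIST:
            hits.append((rec["src"], rec["dst"], WATCHLIST[digest]))
    return hits

# Constructed sensor records (hypothetical layout, documentation-range IPs).
SAMPLE = [
    {"src": "10.0.0.5", "dst": "192.0.2.10",
     "ja3": "b386946a5a44d1ddcc843bc75336dfce"},
    {"src": "10.0.0.5", "dst": "198.51.100.77",   # new C2 IP, same client
     "ja3": "b386946a5a44d1ddcc843bc75336dfce"},
    {"src": "10.0.0.9", "dst": "203.0.113.4",     # unlisted client, raw fields
     "hello": (771, [0x1A1A, 4865, 4866], [0, 10, 11], [29, 23], [0])},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Both watchlisted records are flagged even though their destination addresses differ, because the hash depends only on how the client builds its ClientHello.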

 
