March TASK – Leveraging Forensics / Stealthier Attacks and Smarter Defending with TLS Fingerprinting

Wednesday 30-March-2016 // 6:00 – 9:00 PM
Meeting Location: 55 John Street, Toronto
Room Rotunda (On main floor, just past elevators)

Speaker: Lee Brotherston
Topic 1: Stealthier Attacks and Smarter Defending with TLS Fingerprinting

Ever been busted because your man in the middle software (which does TLS properly) alerted someone to your bad certificate? No more! Want to detect certain types of connections leaving your network, but can’t keep the IP blacklist up to date? This could be the answer.

This talk includes an introduction to both TLS and man in the middle attacks, a walkthrough on what TLS fingerprints contain, how to create your own fingerprints, how we use the fingerprints in several scenarios, a demo, and a discussion of implications and pitfalls.

TLS provides transport security to all manner of connections from legitimate financial transactions to private conversations and malware calling home. The inability to analyse encrypted traffic protects its users, whether they are legitimate or malicious. This talk explores a technique for quickly and passively fingerprinting TLS clients and adapting our responses for the purposes of both attack and defence. Attackers can make automated decisions concerning when to man in the middle a connection and when to let the clients pass through silently, remaining stealthy. Defenders can gain insight into what is making encrypted connections within their networks without access to either endpoints or cryptographic keying material.

Topic 2: Cloud Security “Ask us Anything!” Panel

The topic of cloud and how to map security solutions to the cloud is an evolving conversation.  We’ve been fortune to put together a panel of experts that rather nicely provide coverage to answer questions broadly covering:

  • Building secure applications in the cloud
  • Implementing security and usage scenarios to Microsoft Azure
  • Implementing security and usage scenarios specific to Amazon AWS
  • Cross cloud security considerations
  • Adapting your security reviews and models

This is being planned as an “Ask us Anything” and highly interactive session.  Everyone on the panel comes from a consulting organization and can share real world case studies and experiences from a wide variety of implementations.  Come prepared to ask us anything!


  • Brian Bourne: Microsoft MVP, TASK/SecTor Co-Founder
  • James Arlen, Leviathan Security, Director of Risk and Advisory Services
  • Neil Bunn, Scalar Decisions, Chief Technology Officer
  • Cosmin Ovesia, New Signature, Solution Architect

Meeting Location: 55 john Street, Toronto. Rotunda Room

Posted in Events.