BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.securitybsides.org.uk//bsides-london-2024//talk//RA9
 DK8
BEGIN:VTIMEZONE
TZID:GMT
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-london-2024-RA9DK8@cfp.securitybsides.org.uk
DTSTART;TZID=GMT:20241214T115000
DTEND;TZID=GMT:20241214T120500
DESCRIPTION:Malicious domains are part of the landscape of the internet but
  are becoming more prevalent and more dangerous to both companies and indi
 viduals. Tracking\, blocking and detecting such domains is complex\, and v
 ery often involves complex allow or deny list management or SIEM integrati
 on with open-source TLS fingerprinting techniques. Many fingerprint techni
 ques such as JARM and JA3 are used by threat hunters to determine domain c
 lassification\, but with the increase in TLS similarity\, particularly in 
 CDNs\, they are becoming less useful. This presentation demonstrates how w
 e can adapt and evolve open-source TLS fingerprinting techniques with incr
 eased features to enhance granularity\, and to produce a similarity mappin
 g system that enables the tracking and detection of previously unknown mal
 icious domains. This is done by enriching TLS fingerprints with HTTP heade
 r data and producing a fine-grained similarity visualisation that repres
 ents high-dimensional data using MinHash and locality-sensitive hashing.
  Influ
 ence was taken from the Chemistry domain\, where the problem of high dimen
 sional similarity in chemical fingerprints is often encountered.
DTSTAMP:20260611T011559Z
LOCATION:Rookie track 2
SUMMARY:From Molecules to Malware: Visualising TLS Fingerprints with TMAP t
 o Hunt Malicious Domains. - Amanda Thomson
URL:https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RA9DK8/
END:VEVENT
END:VCALENDAR
