There has been tremendous growth in the percentage of network traffic that is encrypted over the last decade.
With this comes many challenges for incident responders.
Decrypting the traffic is often hard, if not impossible. The rise of encryption has undoubtedly increased privacy for users, but we know that threat actors take advantage of it as well.
As network defenders our visibility is impacted, and traditional network monitoring detection will not always work.
In this talk we will discuss the problem of encrypted traffic as it pertains to network detection and response, educate you on new developments in SSL/TLS, and demonstrate how you can still hunt for and detect badness in encrypted traffic.