script:x509_ext_c2
script:x509_ext_c2 [2018/02/08 23:44] – [Analysing the sample PCAP in Trisul] veera
script:x509_ext_c2 [2018/02/08 23:46] – [The Full Text Search FTS Document] veera
  - the **FTS** stream: a complete text dump of the metadata. The DNS FTS stream is a full dump of all DNS fields, much like the output of ''dig''. Similarly, for SSL certificates the FTS stream carries text documents that mirror the output of the ''openssl x509'' command.
  
You can see the **different approach taken by Trisul NSM compared to Bro IDS**. Instead of fine-grained events, Trisul provides a text document.
  
==== Analysing the sample PCAP in Trisul ====
  
The researchers have provided a [[https://github.com/fideliscyber/x509|sample PCAP file containing a POC]] of the channel (( GitHub page of POC https://github.com/fideliscyber/x509)). If you import the PCAP file into Trisul using ''trisulctl_probe importpcap mimikatz_sent.pcap'', navigate to SSL Certs FTS and then search for "Key", you can see the certificates in full-text format. This is shown below.
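Because the SSL Certs FTS stream is a text document in the shape of ''openssl x509 -text'' output, the same text can be fed to a scanner that looks for the kind of extension the POC above abuses. The following Python script is an added example, not code from this page, from Trisul, or from the Fidelis researchers. It parses the X509v3 extensions section of such a dump and flags extensions that OpenSSL could not name (printed as a dotted OID with a hex dump of the raw value) or whose payload exceeds a size threshold. The embedded certificate text, the OID 1.2.3.4.5.6.7.8 and its payload bytes are constructed for illustration and are not taken from the POC PCAP.

```python
"""Scan an `openssl x509 -text`-style dump for suspicious X509v3 extensions.

Added example; not code from this page, from Trisul, or from the Fidelis
researchers. It assumes OpenSSL's text layout: known extensions are printed
by name, unknown ones as a dotted OID followed by a hex dump of the raw value.
"""
import re

# Constructed sample approximating `openssl x509 -text -noout` output.
# The OID 1.2.3.4.5.6.7.8 and its payload are invented for illustration.
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = example.test
        Validity
            Not Before: Jan  1 00:00:00 2018 GMT
            Not After : Jan  1 00:00:00 2019 GMT
        Subject: CN = example.test
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF
            1.2.3.4.5.6.7.8:
                0000 - 4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00   MZ..............
                0010 - b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00   ........@.......
                0020 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    Signature Algorithm: sha256WithRSAEncryption
         12:34:56:78:9a:bc:de:f0
"""

# "<name>:" or "<name>: critical" on the extension header line.
HEADER_RE = re.compile(r"^\s*(?P<name>.+?):(?P<rest>.*)$")
# BIO_dump-style line that OpenSSL emits for extensions it cannot decode.
HEXDUMP_RE = re.compile(r"^\s*[0-9a-fA-F]{4} - ((?:[0-9a-fA-F]{2}[ -])*[0-9a-fA-F]{2})")
# Colon-separated hex such as key identifiers and serial numbers.
COLON_HEX_RE = re.compile(r"^\s*(?:[0-9a-fA-F]{2}:)+[0-9a-fA-F]{2}\s*$")
# OpenSSL prints an extension it has no name for as a dotted OID.
NUMERIC_OID_RE = re.compile(r"^\d+(?:\.\d+)+$")


def _payload_size(line):
    """Estimate the number of payload bytes a value line carries."""
    m = HEXDUMP_RE.match(line)
    if m:
        return len(m.group(1).replace("-", " ").split())
    if COLON_HEX_RE.match(line):
        return len(line.strip().split(":"))
    return len(line.strip())  # textual value: count characters as a proxy


def parse_extensions(text):
    """Return one dict per X509v3 extension found in the text dump."""
    lines = text.splitlines()
    starts = [i for i, l in enumerate(lines) if l.strip() == "X509v3 extensions:"]
    if not starts:
        return []
    exts, header_indent = [], None
    for line in lines[starts[0] + 1:]:
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if header_indent is None:
            header_indent = indent  # first line after the section header sets it
        if indent < header_indent:
            break  # dedented: the extensions section is over
        if indent == header_indent:
            m = HEADER_RE.match(line)
            name = m.group("name") if m else line.strip()
            rest = m.group("rest").strip() if m else ""
            exts.append({"name": name,
                         "critical": rest == "critical",
                         "known": NUMERIC_OID_RE.match(name) is None,
                         "bytes": 0})
        elif exts:
            exts[-1]["bytes"] += _payload_size(line)
    return exts


def find_suspicious(text, max_bytes=256):
    """Flag extensions OpenSSL could not name, or whose payload is oversized."""
    return [e for e in parse_extensions(text)
            if not e["known"] or e["bytes"] > max_bytes]


if __name__ == "__main__":
    for ext in find_suspicious(SAMPLE_CERT_TEXT):
        print(f"suspicious extension {ext['name']!r}: "
              f"{ext['bytes']} bytes, known={ext['known']}, critical={ext['critical']}")
```

The script can be run as-is against the text produced by ''openssl x509 -in cert.pem -noout -text''; the size heuristic counts hex bytes for dumped or colon-separated values and characters otherwise, so treat it as a first-pass filter rather than a verdict. A channel that spreads its data over many small certificates, or hides it inside an extension OpenSSL knows how to print, would need a different check.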
  
  
script/x509_ext_c2.txt · Last modified: 2024/06/05 10:49 by thiyagu