Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » Script » Detecting covert channels in X.509 Digital Certificates using the Trisul LUA API
Trace:
script:x509_ext_c2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
script:x509_ext_c2 [2018/02/09 00:01] – [Analysing the sample PCAP in Trisul] veerascript:x509_ext_c2 [2024/06/05 10:40] – old revision restored (2018/02/09 00:01) thiyagu
Line 18: Line 18:
 ==== Analysing the sample PCAP in Trisul ==== ==== Analysing the sample PCAP in Trisul ====
  
-The researchers have provided a [[https://github.com/fideliscyber/x509|sample PCAP file containing a POC]] of the channel (( GitHub page of POC https://github.com/fideliscyber/x509)). If you import the PCAP file into Trisul using ''trisulctl_probe importpcap mimikatz_sent.pcap'' and navigate to SSL Certs FTS and then search for Key" you can see the certificates in full text format. This is shown below.+The researchers have provided a [[https://github.com/fideliscyber/x509|sample PCAP file containing a POC]] of the channel  GitHub page of POC https://github.com/fideliscyber/x509)). If you import the PCAP file into Trisul using ''trisulctl_probe importpcap mimikatz_sent.pcap'' and navigate to SSL Certs FTS and then search for Key" you can see the certificates in full text format. This is shown below.
  
  
Line 67: Line 67:
  
 The [[https://github.com/trisulnsm/trisul-scripts|trisul-scripts GitHub repo]] contains dozens of example scripts of all kinds. The Documentation is Open and Free to use for all. Give it a go. The [[https://github.com/trisulnsm/trisul-scripts|trisul-scripts GitHub repo]] contains dozens of example scripts of all kinds. The Documentation is Open and Free to use for all. Give it a go.
- 
- 
  
    
  
script/x509_ext_c2.txt · Last modified: 2024/06/05 10:49 by thiyagu