User Tools

Site Tools


script:x509_ext_c2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
script:x509_ext_c2 [2024/06/05 10:40] – old revision restored (2018/02/09 00:01) thiyaguscript:x509_ext_c2 [2024/06/05 10:49] (current) thiyagu
Line 18: Line 18:
 ==== Analysing the sample PCAP in Trisul ==== ==== Analysing the sample PCAP in Trisul ====
  
-The researchers have provided a [[https://github.com/fideliscyber/x509|sample PCAP file containing a POC]] of the channel  GitHub page of POC https://github.com/fideliscyber/x509)). If you import the PCAP file into Trisul using ''trisulctl_probe importpcap mimikatz_sent.pcap'' and navigate to SSL Certs FTS and then search for Key" you can see the certificates in full text format. This is shown below.+If you import the PCAP file into Trisul using ''trisulctl_probe importpcap mimikatz_sent.pcap'' and navigate to SSL Certs FTS and then search for Key" you can see the certificates in full text format. This is shown below.
  
  
script/x509_ext_c2.txt · Last modified: 2024/06/05 10:49 by thiyagu