Rik talked about JARM yesterday: "Threat Hunting with JARM". JARM is a tool to fingerprint TLS servers.

I made some changes to the JARM code to support a SOCKS proxy.

Now I can use JARM over Tor, for example:

You will miss information when you use a SOCKS proxy: the resolved IP, in case you use a domain name.

And on Linux, there are other methods to achieve this.

Didier Stevens
DidierStevens 647 Posts ISC Handler Nov 29th 2020 |
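Why the resolved IP goes missing, shown at the SOCKS message level. This is an added example, not code from JARM or from the diary author. It assumes the proxy speaks SOCKS5 (RFC 1928) and that the client hands the domain name to the proxy instead of resolving it locally; the function names and the sample reply are constructed for illustration.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect_request(host: str, port: int) -> bytes:
    """Encode a SOCKS5 CONNECT request (RFC 1928, section 4)."""
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0])
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself; the proxy resolves it.
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("domain name must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return header + addr + struct.pack("!H", port)


def parse_connect_reply(data: bytes):
    """Decode a SOCKS5 reply into (rep_code, bound_address, bound_port)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp, body = data[1], data[3], data[4:]
    if atyp == ATYP_IPV4:
        size = 4
    elif atyp == ATYP_IPV6:
        size = 16
    elif atyp == ATYP_DOMAIN and body:
        size, body = body[0], body[1:]
    else:
        raise ValueError("unknown address type")
    if len(body) < size + 2:
        raise ValueError("truncated reply")
    raw = body[:size]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return rep, addr, struct.unpack("!H", body[size:size + 2])[0]


# Constructed sample reply: success, bound address 0.0.0.0, port 0.
SAMPLE_REPLY = bytes.fromhex("05000001000000000000")

if __name__ == "__main__":
    print(build_connect_request("example.com", 443).hex())
    print(parse_connect_reply(SAMPLE_REPLY))
```

The bound address in the reply describes the proxy's side of the connection, so a fingerprint taken this way can be recorded against the domain name only, unless the name is resolved separately.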
The DOC (Bazaar f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b) is malware without VBA. It is labeled as "Loki", but it could be a good trial for your TOR jarm.py.
Thanks for your efforts!
Anonymous |
Dec 1st 2020 1 year ago |