1. Enhancing Network Security with JA3
Detailed Explanation on JA3 for TLS fingerprinting and early threat detection
2. $ whoami
Rakesh Seal
● R&D, Keysight (ATI Research)
● Network Security
● Embedded Systems (IoT)
● Full Stack Dev
● Automation Enthusiast
● 15+ Patent Publication
● Play DoTA 👾
rakeshseal0.github.io
3. What & Why Fingerprinting?
Network Fingerprinting: A cybersecurity method that identifies unique system traits from transmitted data, creating a
specific identifier for security enhancement.
● Device Identification
● Security And Threat Detection
● Exfiltration Prevention
● Resource Efficiency
12. Static Nature
03 ● Ja3 Might change on infrastructure change
● Need of ever updating DB
TLS Dependency
02 ● The Communication have to be encrypted
● Low adaptibility in ICS / SCADA Space
Evasion Strategies
01
● Extension Rotation
● Cipher Stunning
Limitations of JA3