MSS – Detection of cyber threats in SMBv3 protocol traffic

Keywords: Detection, SMB3, Protocol analysis, Detection methods, Encryption, Packet inspection, Exploit detection
Duration: 5-10 months
Context: HBO/WO thesis

Context:

SMB3 is the third version of the SMB network protocol used in Microsoft networking. Because this version of SMB can encrypt its traffic, detection methods and capabilities in network monitoring change. What problems will arise going forward? How can they be addressed? What information can still be gained from this traffic?

Activities:

Research SMB3 and how it works. Produce a PoC of how detection could work with Suricata, and possibly Bro.
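As a starting point for the "what information can still be gained" question above, the following is an added example (not part of the thesis posting, and not Fox-IT or Suricata code) that parses raw TCP/445 payload and separates cleartext SMB2 headers from SMB3 encrypted-message wrappers. Header layouts follow the public MS-SMB2 specification (SMB2 packet header and SMB2 TRANSFORM_HEADER); the sample stream and the `build_*` helpers are constructed for the demonstration and are assumptions, not captured traffic. Even when the payload is encrypted, a monitor can still read the SessionId, the plaintext message size and the nonce from the transform header, plus everything exchanged in cleartext before encryption started (NEGOTIATE and SESSION_SETUP), which is the kind of metadata a Suricata or Bro analyser could key on.

```python
"""Parse SMB2/SMB3 headers from a TCP/445 byte stream to show what stays visible
once SMB3 encryption is on. Added example; layouts per MS-SMB2 2.2.1 and 2.2.41.
All sample messages below are constructed, not captured."""
import struct

SMB2_MAGIC = b"\xfeSMB"            # cleartext SMB2/SMB3 packet header
SMB3_TRANSFORM_MAGIC = b"\xfdSMB"  # SMB3 TRANSFORM_HEADER (encrypted message)
SMB1_MAGIC = b"\xffSMB"            # legacy SMB1
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001  # set on responses
SMB2_COMMANDS = {0x0000: "NEGOTIATE", 0x0001: "SESSION_SETUP", 0x0002: "LOGOFF",
                 0x0003: "TREE_CONNECT", 0x0005: "CREATE", 0x0008: "READ",
                 0x0009: "WRITE", 0x000B: "IOCTL"}


def split_netbios(stream: bytes):
    """Yield SMB messages from a TCP/445 stream: each is prefixed by a 4-byte
    NetBIOS session service header (zero byte + 24-bit big-endian length)."""
    off = 0
    while off + 4 <= len(stream):
        length = int.from_bytes(stream[off + 1:off + 4], "big")
        body = stream[off + 4:off + 4 + length]
        if len(body) < length:
            break  # truncated; a real reassembler would wait for more data
        yield body
        off += 4 + length


def parse_smb_message(msg: bytes) -> dict:
    """Return the fields a passive monitor can still read from one message."""
    magic = msg[:4]
    if magic == SMB2_MAGIC and len(msg) >= 64:
        command, = struct.unpack_from("<H", msg, 12)
        flags, = struct.unpack_from("<I", msg, 16)
        message_id, = struct.unpack_from("<Q", msg, 24)
        session_id, = struct.unpack_from("<Q", msg, 40)
        return {"kind": "smb2", "command": SMB2_COMMANDS.get(command, hex(command)),
                "response": bool(flags & SMB2_FLAGS_SERVER_TO_REDIR),
                "message_id": message_id, "session_id": session_id, "length": len(msg)}
    if magic == SMB3_TRANSFORM_MAGIC and len(msg) >= 52:
        nonce = msg[20:36]                                   # Nonce (16 bytes)
        original_size, = struct.unpack_from("<I", msg, 36)  # plaintext size
        flags, = struct.unpack_from("<H", msg, 42)          # Flags/EncryptionAlgorithm
        session_id, = struct.unpack_from("<Q", msg, 44)     # SessionId stays readable
        return {"kind": "smb3_encrypted", "session_id": session_id, "flags": flags,
                "original_size": original_size, "nonce": nonce.hex(), "length": len(msg)}
    if magic == SMB1_MAGIC:
        return {"kind": "smb1", "length": len(msg)}
    return {"kind": "unknown", "length": len(msg)}


def summarize_sessions(stream: bytes) -> dict:
    """Per SessionId: cleartext commands seen, then only count and plaintext
    volume of encrypted messages (the content itself is opaque)."""
    sessions = {}
    for msg in split_netbios(stream):
        rec = parse_smb_message(msg)
        s = sessions.setdefault(rec.get("session_id", 0), {
            "cleartext_commands": [], "encrypted_msgs": 0, "encrypted_plaintext_bytes": 0})
        if rec["kind"] == "smb2":
            s["cleartext_commands"].append(rec["command"])
        elif rec["kind"] == "smb3_encrypted":
            s["encrypted_msgs"] += 1
            s["encrypted_plaintext_bytes"] += rec["original_size"]
    return sessions


# --- constructed sample traffic (builders are assumptions for the demo) ---
def build_smb2(command: int, flags: int, message_id: int, session_id: int) -> bytes:
    """64-byte SMB2 header with an empty body (StructureSize=64, zero signature)."""
    return SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ", 64, 0, 0, command, 1, flags,
                                    0, message_id, 0, 0, session_id) + b"\x00" * 16


def build_transform(session_id: int, plaintext_len: int) -> bytes:
    """52-byte TRANSFORM_HEADER followed by opaque ciphertext stand-in bytes."""
    hdr = SMB3_TRANSFORM_MAGIC + b"\x00" * 16 + b"\x11" * 16
    hdr += struct.pack("<IHHQ", plaintext_len, 0, 0x0001, session_id)
    return hdr + b"\xaa" * plaintext_len


def netbios(msg: bytes) -> bytes:
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


SAMPLE_STREAM = b"".join(netbios(m) for m in [
    build_smb2(0x0000, 0, 0, 0),        # NEGOTIATE request
    build_smb2(0x0000, 1, 0, 0),        # NEGOTIATE response
    build_smb2(0x0001, 0, 1, 0),        # SESSION_SETUP request (no session yet)
    build_smb2(0x0001, 1, 1, 0x1122),   # SESSION_SETUP response assigns SessionId
    build_transform(0x1122, 120),       # encrypted from here on (e.g. TREE_CONNECT)
    build_transform(0x1122, 4096),      # encrypted, e.g. a WRITE of 4 KiB plaintext
])

if __name__ == "__main__":
    for sid, info in summarize_sessions(SAMPLE_STREAM).items():
        print(hex(sid), info)
```

The summary shows the visibility boundary: session 0 carries the cleartext negotiation, and session 0x1122 shows one cleartext SESSION_SETUP followed by two encrypted messages totalling 4216 plaintext bytes. A detection approach built on this would treat the negotiated dialect, the authenticated session and the size/timing profile of encrypted messages as the remaining signal, rather than the file operations themselves.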

Get in touch

+31 (0) 15 284 79 99

fox@fox-it.com

Delft