A Recipe for Decrypting SSL in Wireshark

I recently was involved in responding to an incident, and one thing that was key to our investigation was decrypting SSL traffic. The attacker got a web shell on one of the servers and was mucking around with that. All of the traffic was over HTTPS, but we fortunately had the key. This allowed us to decrypt the traffic and view all of the commands issued. It was quite exciting being able to watch every step of the attack, so I would like to share the steps so that you can do it yourself!

Sometimes it is hard to find encryption keys in your pantry, so here are some common locations where they may be stored:

Linux

If you have Apache and can’t find it, look in the configuration file (often found in /etc/apache2/) for the following: SSLCertificateKeyFile.
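The Apache lookup described in the post, written out as an added example (not the author's code): it lists every active SSLCertificateKeyFile directive under a configuration directory and reports whether the referenced key file can be read. The helper name `find_apache_keys` and the status labels are made up for this sketch, and it assumes configuration file paths contain no colon.

```shell
#!/bin/sh
# Added example, not from the original post. find_apache_keys is a
# hypothetical helper name; run it as root, because key directories are
# usually closed to other users.

find_apache_keys() {
    conf_dir="${1:-/etc/apache2}"    # default: the directory named in the post
    # -R recurse, -H always print the file name, -n print the line number,
    # -i because Apache directive names are case-insensitive. The pattern is
    # anchored to the start of the line, so commented-out directives are skipped.
    grep -RHinE '^[[:space:]]*SSLCertificateKeyFile[[:space:]]+' "$conf_dir" 2>/dev/null |
    while IFS= read -r hit; do
        file=${hit%%:*}              # config file containing the directive
        rest=${hit#*:}
        line=${rest%%:*}             # line number within that file
        directive=${rest#*:}
        # Strip the directive name, trailing blanks and surrounding quotes.
        key=$(printf '%s\n' "$directive" | sed -E \
            -e 's/^[[:space:]]*[^[:space:]]+[[:space:]]+//' \
            -e 's/[[:space:]]+$//' -e 's/^"(.*)"$/\1/')
        case "$key" in
            /*) if [ -r "$key" ]; then status=readable
                elif [ -e "$key" ]; then status=exists-unreadable
                else status=not-found
                fi ;;
            *)  status=relative-to-ServerRoot ;;   # Apache resolves these itself
        esac
        printf '%s:%s\t%s\t%s\n' "$file" "$line" "$key" "$status"
    done
}

# Scan the directory given as the first argument, or /etc/apache2 by default.
find_apache_keys "$@"
```

In Wireshark, a server private key located this way only decrypts sessions negotiated with RSA key exchange; sessions using (EC)DHE cipher suites require the per-session secrets instead.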