Exploring JARM – An Active TLS Fingerprinting Algorithm

Explore the intricacies of JARM, an active TLS fingerprinting algorithm developed by Salesforce, in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the algorithm's functionality, including its ability to cluster servers with similar TLS configurations, identify default application settings, and detect malware C&C servers. Learn about the first C++ implementation of JARM, which offers additional features, and gain insights from a deep technical analysis of its inner workings. Examine the factors that contribute to unique or shared JARM fingerprints, and discover peculiar server behaviors that may affect fingerprint confidence levels. Consider potential improvements to the algorithm for enhanced fingerprint reliability. Review fascinating findings from scans of the top 1 million Alexa websites and 100,000 WordPress sites. Access the source code and supporting data, which will be made available on GitHub, to further your understanding of this powerful TLS fingerprinting tool.

#HITB2023AMS #COMMSEC D1 - Exploring JARM – An Active TLS Fingerprinting Algorithm - Mohamad Mokbel