This presentation will go over how net defenders and threat intel analysts can use TLS/SSL data from sources like scans.io and censys.io to defend their networks and hunt threat actors that use TLS/SSL either for communication in their malware or for their infrastructure.