This presentation will go over how net defenders and threat intel analysts can use TLS/SSL data from sources like scans.io and censys.io to defend their networks and hunt threat actors that use TLS/SSL either for communication in their malware or for their infrastructure.
Mark Parsons is a net defender that has slowly turned into a small time developer and occasional threat analyst. Over the past 4 years he has worked at a civilian federal agency doing incident response and threat intelligence. He has spent the past few years working on creating solutions that allow threat analysts and net defenders to spend more time looking at data rather than collecting it.