-
|
Hello, If I configure Sliver to use mTLS for C2 communications, are there any specific fingerprints or characteristics (such as certificate details, JA3 hashes, or traffic patterns) that could make the traffic identifiable as Sliver C2 traffic? What would you recommend to reduce the risk of Sliver traffic being detected or fingerprinted when using mTLS? Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
mTLS is designed for security, stability, and speed, and is not recommended for operations where stealthy network traffic is a significant priority. Recommend using HTTP/S for "stealthy" comms. |
Beta Was this translation helpful? Give feedback.
-
I am currently using both HTTPS and mTLS. I use HTTPS for stable communication, but when I need to perform certain operations, I use the mTLS protocol to establish a long connection for better speed, because I am a heavy user of Pty. As a result, my C2 server has to run on two ports. The mTLS certificate is self-generated. However, the mTLS port still gets detected as a Sliver C2, even though only the mTLS port is recognized. |
Beta Was this translation helpful? Give feedback.
mTLS is designed for security, stability, and speed, and is not recommended for operations where stealthy network traffic is a significant priority. Recommend using HTTP/S for "stealthy" comms.