NCC Group / Fox-IT Data Science
NCC Group / Fox-IT Data Science
Thanks for the suggestions all, the x3 speed boost already helps a lot! @smastelini @AdilZouitine I think that indeed keeping a binary tree in memory would be the ideal solution,...
Thanks for the link @MaxHalford. The past week I worked on what at first glance looks like a similar solution - using two heaps that are 'balanced' around the quantile...
Not yet, but I want to continue with it this week and probably share some code/figures once I'm satisfied with the results.
I did continue working on this a few weeks ago, but still need some more time to finalize the results
Indeed - we also recorded some Firefox traffic from Windows 11 to YouTube and that also uses IETF-quic. We can generate some sample pcaps of default browser traffic, but also...
That's great! Please let us know if we can assist with something.
@0xxon We'll also experiment a bit with Spicy, will post/commit it into a branch if anything useful comes out of that
I worked on it for a while, and pushed the code to https://github.com/fox-ds/spicy-quic. Note that it's just a start; it should be further improved, but it can be used as...
To summarize what I have found so far (which might help): https://github.com/zeek/zeek/blob/master/src/analyzer/protocol/gssapi/gssapi-protocol.pac has ``` type GSSAPI_NEG_TOKEN_MECH_TOKEN(is_orig: bool) = record { meta : ASN1EncodingMeta; token : bytestring &length=meta.length; } &let {...
We believe it's still an open issue