Detection
How adversaries actually classify traffic — DPI, active probing, TLS fingerprinting, ML classification, side channels, BGP-level analysis.
6 of 6 modules published
Deep packet inspection: pattern, statistical, and behavioral classification
How real traffic classifiers combine signatures, protocol parsing, flow statistics, and behavior after payload visibility disappears.
Active probing methodology
How detectors confirm suspicious endpoints with chosen inputs, from state-machine exploration to probe-resistant proxy design.
TLS fingerprinting in production
ClientHello structure, JA3 versus JA4, drift, ambiguity, and how production detectors really use TLS fingerprints.
Encrypted traffic classification with ML
How feature engineering, deep learning, dataset design, and concept drift shape machine-learning-based classification of encrypted traffic.
Side channels in encrypted protocols
Compression oracles, TLS record lengths, QUIC behavior, and why encrypted protocols still leak through observable structure.
Network-level traffic analysis
NetFlow, multi-vantage correlation, BGP/routing attacks, and why where you observe traffic matters as much as what you observe.