https://archworks.co/tags/suricata/enSun, 03 May 2026 00:00:00 +0000https://archworks.co/docs/detecting-encrypted-tunnels/Sun, 03 May 2026 00:00:00 +0000https://archworks.co/docs/detecting-encrypted-tunnels/The defensive counterpart: how to catch encrypted tunnels - REALITY, VLESS-over-WebSocket, DoH, QUIC/MASQUE - with self-hosted, open-source tooling. Threat model and obfuscation levels, a controls-vs-evasions matrix, production Suricata/Zeek/RITA detections, alerting policies, and a response runbook.