Visibility Beyond Perimeters - Detecting C2 at Time of Execution
BruCON Security Conference via YouTube
Overview
This course aims to teach learners how to detect Command and Control (C2) activities at the time of execution beyond organizational perimeters. The course covers the limitations of traditional detection techniques such as anti-virus, log files, and packet captures, and introduces a new method leveraging network IOCs for near-real-time alerting without the need for endpoint client software. The teaching method includes a presentation with real-world examples and demonstrations. This course is intended for cybersecurity professionals, network administrators, incident responders, and anyone interested in advanced threat detection techniques.
Syllabus
Intro
Why is this important
Showdown
F51 vulnerability
Who found F51
What we found
How we did this
Gray Noise
Forensics
Showdown Hunting
Pro Tips
Ingram Micro
DNS
DNS IOCs
Ransomware
trojans
CTI League
Answering malware
Detecting malware
Detecting botnets
Conclusion
QA
Taught by
BruCON Security Conference