Active Countermeasures Webcast
03-03-2021
Are Beacons Evil?
We all know that beacons – regular connections between systems – are commonly used to carry instructions and data in a command and control channel. But that raises an interesting question; are Beacons always malicious? In this presentation by Active Countermeasures’, Keith Chew, & Bill Stearns, we’ll look at the Threat types normally associated with command and control traffic and see how legitimate application traffic can show up.
We’ll go over the types of traffic and how to identify and whitelist them.
Presented by: Bill Stearns & Keith Chew
Timeline:
- 00:00 – PreShow Banter™ — Evil Bacon
- 03:30 – FEATURE PRESENTATION:
- 04:27 – Threat Types to Consider
- 12:07 – It’s a Beacon, It MUST Be Evil!
- 18:02 – Benign Traffic That Look Like Threats
- 45:12 – What if I Don’t Know?
- 49:12 – Whitelisting Support
- 52:04 – References
- 56:53 – Thanks & Questions