How It Works
In the videos below, John Strand explains how AC-Hunter (previously known as AI-Hunter) can help your company detect threats from malicious malware.
AC-Hunter Overview
A seven minute overview of the problem AC-Hunter solves and how it does it. John discusses how modern backdoors communicate with their command and control (C&C) servers. He discusses the challenges faced with identifying backdoor traffic using classic security tools and techniques. He then dives into the unique way AC-Hunter shines a spotlight on this traffic.
DNS
It is common for attackers to use DNS as a backdoor command and control channel. However, it is very hard to detect with traditional IDP/IPS technologies.
Why? Because the data in DNS isn’t consistent enough to write a signature and the servers used are usually trusted DNS servers. See how AC-Hunter can easily detect these troublesome backdoors.
Beaconing Backdoor (VSAgent)
In this video, we walk through a proof of concept backdoor which almost all traditional IDS/IPS systems will not detect. It will introduce you to the difficulty of detecting beaconing backdoors and it will show how AC-Hunter can easily detect these implants.
Social Media Backdoor
Attackers are hiding even deeper in the websites you use every day – sites like Gmail, Tumblr, and Dropbox can be used as command and control servers for malware.
In this video, we show how AC-Hunter can be used to easily detect these backdoors with beaconing data size analysis.