AC-Hunter How It Works

How It Works

In the videos below, John Strand explains how AC-Hunter (previously known as AI-Hunter) can help your company detect threats from malware.

AC-Hunter Overview

A seven-minute overview of the problem AC-Hunter solves and how it solves it. John discusses how modern backdoors communicate with their command and control (C&C) servers and why that traffic is hard to identify with classic security tools and techniques. He then dives into the unique way AC-Hunter shines a spotlight on this traffic.


It is common for attackers to use DNS as a backdoor command and control channel. However, this channel is very hard to detect with traditional IDS/IPS technologies.

Why? Because the data in DNS isn’t consistent enough to write a signature against, and the servers used are usually trusted DNS servers. See how AC-Hunter can easily detect these troublesome backdoors.

Beaconing Backdoor (VSAgent)

In this video, we walk through a proof-of-concept backdoor that almost all traditional IDS/IPS systems will not detect. It introduces the difficulty of detecting beaconing backdoors and shows how AC-Hunter can easily detect these implants.

Social Media Backdoor

Attackers are hiding even deeper in the websites you use every day – sites like Gmail, Tumblr, and Dropbox can be used as command and control servers for malware.

In this video, we show how AC-Hunter can be used to easily detect these backdoors with beaconing data size analysis.