Could DNS traffic be hiding active C2 in your environment right now?

We welcome you to join us for a free monthly one-hour training session on command & control and malicious traffic with Faan Rossouw (Active Countermeasures) and learn a stealthy C2 technique that bypasses common DNS tunneling detections and how to catch it.

What you’ll learn:

• How attackers abuse DNS TXT records to deliver payloads (server to agent)
• Why low-subdomain-count DNS C2 slips past default thresholds
• The behavioral signals defenders can reliably hunt for
• A real-world case study: Joker Screenmate malware (DomainTools, July 2025)

Faan will walk through a full threat hunt, so you’ll leave with practical skills you can apply immediately, including one Zeek command you can run today to find TXT record abuse in your logs.

Chat and interact with us and your fellow attendees in the BHIS Discord server: https://discord.gg/bhis in the #🔴live-chat channel

Register Here

P.S. You are also welcome to join us up to 30 minutes early for pre-show banter!