We all know that beacons – regular connections between systems – are commonly used to carry instructions and data in a command and control channel. But that raises an interesting question; are Beacons always malicious?

In this presentation by Active Countermeasures’, Keith Chew, & Bill Stearns, we’ll look at the Threat types normally associated with command and control traffic and see how legitimate application traffic can show up. We’ll go over the types of traffic and how to identify and whitelist them.

Join the THREAT HUNTING COMMUNITY Discord Server to engage with the presenters and your fellow attendees during the webcast: https://discord.gg/dnmvXkz

Register Here

Bill Stearns

Bill has authored numerous articles and tools for client use. He also serves as a content author and faculty member at the SANS Institute, teaching the Linux System Administration, Perimeter Protection, Securing Linux and Unix, and Intrusion Detection tracks. Bill’s background is in network and operating system security; he was the chief architect of one commercial and two open source firewalls and is an active contributor to multiple projects in the Linux development effort. Bill’s articles and tools can be found in online journals and at http://github.com/activecm/ and http://www.stearns.org.