BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Active Countermeasures - ECPv6.16.4.1//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-ORIGINAL-URL:https://www.activecountermeasures.com
X-WR-CALDESC:Events for Active Countermeasures
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:America/New_York
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20250309T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20251102T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20260308T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20261101T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20270314T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20271107T060000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20260220T130000
DTEND;TZID=America/New_York:20260220T140000
DTSTAMP:20260218T161002Z
CREATED:20260218T154640Z
LAST-MODIFIED:20260218T161002Z
UID:16360-1771592400-1771596000@www.activecountermeasures.com
SUMMARY:Threat Hunting C2: DNS TXT Record Abuse with Faan Rossouw
DESCRIPTION:Could DNS traffic be hiding active C2 in your environment right now? \nWe welcome you to join us for a free monthly one-hour training session on command & control and malicious traffic with Faan Rossouw (Active Countermeasures) and learn a stealthy C2 technique that bypasses common DNS tunneling detections and how to catch it. \nWhat you’ll learn: \n\nHow attackers abuse DNS TXT records to deliver payloads (server to agent)\nWhy low-subdomain-count DNS C2 slips past default thresholds\nThe behavioral signals defenders can reliably hunt for\nA real-world case study: Joker Screenmate malware (DomainTools\, July 2025)\n\nFaan will walk through a full threat hunt\, so you’ll leave with practical skills you can apply immediately\, including one Zeek command you can run today to find TXT record abuse in your logs. \nChat and interact with us and your fellow attendees in the BHIS Discord server: https://discord.gg/bhis in the #🔴live-chat channel \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nKeith ChewKeith’s appreciation for computing and processes originates from working with his first personal computer in 1982\, a TI-99/4A. Keith sees himself as fortunate for the opportunity to apply his passion towards a career that assists in the advance of technology and continuing education. \nShare this:
URL:https://www.activecountermeasures.com/event/threat-hunting-c2-dns-txt-record-abuse-with-faan-rossouw/
LOCATION:Zoom
CATEGORIES:Faan Rossouw,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2026/02/threat-hunting-c2-dns-txt-record-abuse-with-fann-rossouw-800.png
END:VEVENT
END:VCALENDAR