Webcasts

April 22nd, 2023

Chris Brenton walks through a fresh install process for AC-Hunter Community Edition from a TAR file installer.

///Get AC-Hunter CE
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

///AC-Hunter CE Info
https://www.activecountermeasures.com/ac-hunter-community-edition/

///AC-Hunter General Info
https://www.activecountermeasures.com/ac-hunter/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

#ACHunter #ActiveCountermeasures #ThreatHunting #threatintel #Cybersecurity #Infosec #infosecurity

8 1

April 21st, 2023

Bill Stearns walks through a fresh install process for AC-Hunter Community Edition on VMware

///Get AC-Hunter CE
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

///AC-Hunter CE Info
https://www.activecountermeasures.com/ac-hunter-community-edition/

///AC-Hunter General Info
https://www.activecountermeasures.com/ac-hunter/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

#ACHunter #ActiveCountermeasures #ThreatHunting #Threatintel #Cybersecurity #Infosec

14 1

April 6th, 2023

The free Community Edition of AC-Hunter has a majority of the functionality (with some limitations) available in the paid Enterprise Edition of AC-Hunter and retains the same powerful threat hunting analytics and network insights.

This video highlights the differences between the two editions.

///AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/

///AC-Hunter Pricing – Let The Hunt Begin!
https://www.activecountermeasures.com/ac-hunter-pricing/

///chapters
00:00 - Community Edition Vs Enterprise
00:10 - Cost
00:36 - Sensors Supported
01:00 - Daily Snapshots
01:28 - Datasets
01:53 - Reporting
02:12 - Customizable Menus
03:12 - Safelist Entries
03:55 - Safelist Sharing
04:13 - LDAP Support
04:24 - Alerting
05:09 - Scoring Customization
05:49 - Support



///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

4 1

April 5th, 2023

Active Countermeasures offers AC-Hunter, a network threat hunting solution that analyzes network traffic to detect which internal systems have been compromised. There are no agents to install; AC-Hunter verifies all devices regardless of operating system or hardware. AC-Hunter also inspects encrypted sessions while maintaining data privacy and integrity.

///AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/

///Learn More About AC-Hunter™
https://www.activecountermeasures.com/ac-hunter/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

16 1

March 20th, 2023

DOWNLOAD CLASS LABS: https://www.activecountermeasures.com/hunt-training/

Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

59 4

March 15th, 2023

You read that correctly, we are releasing a free version of our network threat hunting tool, AC-Hunter! As a community, we face an exhaustive number of challenges. There is the gap in needed threat hunting skills, the increase in dwell time of successful attacks, as well as the steadily increasing cost of recovery. Clearly, we need better tooling that can help even junior analysts take the fight to our adversaries.

So we’ve decided to release a free version of AC-Hunter to ensure that “price” is not an inhibitor to threat hunting your environment. In this webcast, we will prove a first look at the tool. We will also be announcing free training on how to download, deploy and manage the tool. Come join the webcast and help us make 2023 the year we start reversing the data breach trends!

///AC-Hunter Community Edition!
https://www.activecountermeasures.com/ac-hunter-community-edition/

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

///Chapters
00:00 - Introducing AC-Hunter Community Edition!
00:28 - Why release a Community Edition?
01:48 - RITA Vs AC-Hunter
02:13 - ACH CE Vs ACH Enterprise
03:19 - DEMO
03:52 - AC-Hunter Features – Canary Tokens
06:22 - Safe list Entries
07:36 - Jitter Detection?
12:42 - Important Data Up Front, Visually Presented
13:34 - Verifying an IP?
16:35 - It’s Been A Long Connection, and I Have Reason To Believe…
19:00 - Gauge Scope of a Potential Compromise
21:56 - Threat Intel - Not Very Helpful
24:52 - This is how we do “Threat Intel”
27:32 - Dealing with Proxies
28:14 - Dealing with CDNs
30:10 - Strobes
31:49 - DNS Module
36:45 - Data Feeds
38:39 - Install Options
40:09 - LINK: AC-Hunter Community Edition : https://www.activecountermeasures.com/ac-hunter-community-edition/
41:05 - Questions?
41:25 - Q: Syslog Alerting?
43:01 - Q: Enterprise network install?
43:44 - Q: AC-Hunter CE in a CCDC environment?
44:03 - Q: Beaker and AC-Hunter Community Edition?
45:40 - Q: AC-Hunter CE on a box with a network span port?
47:15 - Q: Link AC-Hunter CE to existing solutions?
48:27 - Q: Docker Container?
49:28 - Q: What’s the attack surface of AC-Hunter
52:16 - Q: Log rotation interval?
53:29 - Q: Traffic samples for DEMO
56:51 - Q: AC-Hunter CE Zeek Logs?
58:12 - Q: AC-Hunter CE CTF?
58:52 - Q: Final Thoughts

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

15 0

January 21st, 2023

00:00 - Using Roles
01:16 - Where to get roles?
04:31 - Putting it all together
06:55 - Ansible Tips
08:53 - DEMO TIME
16:20 - Questions and Closing

Are you a red or blue teamer trying to automate infrastructure tasks? Ansible may be your solution! We are talking about the open-source automation framework that is used to provision, deploy, and manage compute infrastructure across cloud, virtual, and physical environments. In this webcast, Dave Quartarolo will be discussing getting started with the Ansible automation language.


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

10 1

January 21st, 2023

00:00 - Ad Hoc Commands
02:56 - Connecting to Hosts
05:25 - Privilege Escalation
06:58 - Real Quick – YAML
12:06 - Playbooks
17:09 - Variables
18:58 - Playbooks (2)
23:03 - Just the Facts


Are you a red or blue teamer trying to automate infrastructure tasks? Ansible may be your solution! We are talking about the open-source automation framework that is used to provision, deploy, and manage compute infrastructure across cloud, virtual, and physical environments. In this webcast, Dave Quartarolo will be discussing getting started with the Ansible automation language.


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

9 0

January 20th, 2023

00:00 - FEATURE PRESENTATION: All About Ansible! Part 1
01:51 - All About David Quartarolo
03:16 - Why Ansible?
04:47 - What is Ansible?
09:48 - Why Should I Use It?
12:38 - Before We Start
15:02 - Building an Inventory

Are you a red or blue teamer trying to automate infrastructure tasks? Ansible may be your solution! We are talking about the open-source automation framework that is used to provision, deploy, and manage compute infrastructure across cloud, virtual, and physical environments. In this webcast, Dave Quartarolo will be discussing getting started with the Ansible automation language.


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

26 2

December 14th, 2022

Active Countermeasures has a new tool for you! SMUDGE is a purely passive fingerprinting tool that identifies systems via TCP SYN packets. This completely free and opensource tool uses a curated list of verified signatures to help you identify even more about your traffic.


Please join us to learn all about SMUDGE!

4 0

October 17th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-shorts-collecting-the-right-data-video-blogs/

18 0

October 17th, 2022

25 0

October 5th, 2022

///Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast https://discord.gg/threathunter

///Chris Brenton from Active Countermeasures is conducting another free, one-day, Cyber Threat Hunting Training online course!

We have had over 20,000 students attend our training live!

One of the biggest challenges in security today is identifying when our protection tools have failed and a threat actor has made it onto our network.

In this free, one-day (6-hours) course, we will cover how to leverage network and host data to perform a cyber threat hunt.

The focus will be on processes and techniques that can be used to protect:
- Desktops
- Servers
- Network gear
- IIoT
- BYOD system

The course includes hands-on labs using packet captures of various command and control channels.

We will also discuss how you can use our new Sysmon tool BeaKer to detect attacks on the host with Sysmon... for free!

The labs will enable you to apply what you've learned using various open-source tools.

By the end of the course, you’ll understand the tools and techniques needed to perform compromise assessments within your own environment. While the course will be available later for download, live attendees will receive a "Cyber Security Threat Hunter Level-1" certificate.

Why are we doing it? Cyber threat hunting is a relatively new discipline. As an industry, we are still formulating standards and procedures. We want to do our part by giving back to the security community. We are hoping that by sharing what we've learned we can help spark new ideas and threat hunting tools. Let's build a community and solve these problems together.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast https://discord.gg/threathunter

This will be a live course with QA available. Pre-show Banter and Set-up questions will start at 10:30am ET. The Presentation will begin at 11am ET.

Labs last updated July 9th 2022

66 3

September 23rd, 2022

00:00 - FEATURE PRESENTATION: Getting the details From Zeek
01:48 - Exploring By Hand
05:28 - zless
06:25 - Searing for an IP address in a file
13:05 - Using Zeek Cut
19:42 - THT - Threat Hunting Toolkit
24:06 - THT- Connections
29:03 - THT - DNS
42:56 - Thank You
43:47 - Bonus - Validating Certificates
48:33 - Questions and Closing


Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

High-level packet analysis tools give us the overview of what's on a network; they save us huge amounts of time. But every once in a while we look at these summaries and say "What the heck is going on with this system?"

Here's where we need to fall back to either looking at raw packets or going halfway there by looking at Zeek logs. Zeek provides a rich amount of detail on network traffic if you know how to extract it! In this talk we'll look at both manual and semi-automated approaches to getting more detail out of your Zeek logs.

18 2

September 22nd, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-safelisting-video-blog/

24 0

September 20th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-c2-over-dns-video-blog

30 1

September 15th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-fqdn-beacons-video-blog/

22 0

September 13th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-ip-based-beacons-video-blog/

18 1

September 12th, 2022

View our blog post for this video: https://www.activecountermeasures.com/what-is-cyber-threat-hunting-video-blog/

7 2

September 12th, 2022

View our blog post for this video: https://www.activecountermeasures.com/how-to-threat-hunt-video-blog/

11 2

September 12th, 2022

View our blog post for this video: https://www.activecountermeasures.com/malware-command-and-control-how-it-works-video-blog/

19 0

September 12th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-long-connection-detection-video-blog/

7 0

August 26th, 2022

Cyber Deception is a strategy used to attract cyber criminals away from an enterprise’s true assets and divert them to a monitored decoy.

In version 6.0 of AC-Hunter, we added a Cyber Deception module. This module allows for the creation and monitoring of two types of canary tokens. File-access tokens will generate an alert when a designated file has been accessed. User-access tokens will generate an alert when an authentication attempt is made against a monitored user, or a Kerberos ticket is requested for that user.

In this webcast, AC-Hunter developer Logan Lembke will explain why we added this module to AC-Hunter and show you how it works.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

15 1

July 12th, 2022

Lab & Slide Deck Downloads can be found here: https://www.activecountermeasures.com/cyber-threat-hunting-training-course/

Training Begins - 0:00:00
Hands-on Labs – 2:09:37

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

Sign up for our mailing list to stay updated on future webcasts and training: https://www.activecountermeasures.com/subscribe/

91 2

June 1st, 2022

Every threat hunter needs a set of tools they can count on when completing a hunt. In this webcast, Chris Brenton will go over his "threat hunting toolbox" discussing what open source tools he uses and why.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

60 0

May 5th, 2022

–––– Chat in Discord:
Join the Threat Hunter Community: https://discord.gg/threathunter


00:00 - Preshow Banter
31:07 - FEATURE PRESENTATION

AC-Hunter in Azure Marketplace: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/activecountermeasuresinc1631039410073.ach-azure-release?tab=Overview


Threat hunting in a cloud environment is tricky. The span port we depend on to get a copy of all network traffic doesn’t usually exist in the cloud as there aren’t physical switches between virtual machines. However, even if we can’t capture traffic on the (virtual) network at a Cloud provider, we can still capture network traffic at each individual server.


Our developers at Active Countermeasure have created an integration between AC-Hunter and Azure that does exactly this! We now provide easy integration with Azure systems and are in the process of offering an appliance in the Azure Marketplace! This software will tell each machine to self-report its network traffic back to a new AC-Hunter server.


In this webcast, ACM developers Brian & Logan will discuss our journey in getting this integration deployed, walk folks through some of the caveats we ran into with network watcher, and discuss the current state of AC-Hunters integration with Azure. We will also have time at the end to answer questions from attendees on this new AC-Hunter feature.

12 0

March 30th, 2022

–––– Chat in Discord:
Join the Threat Hunter Community: https://discord.gg/threathunter

00:00 - FEATURE PRESENTATION
09:46 - DEMO on Screen
55:20 - Questions and Closing

So you've studied threat hunting methodology and researched all the threat hunting tools... but how do you actually apply all this knowledge into doing a real threat hunt?

In this webcast, Chris Brenton will walk through using Zeek and RITA to do a full hunt from the initial review of the data, through identifying which host is compromised to pinpoint what (if any) data has been exfiltrated.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

52 2

March 16th, 2022

–––– Chat in Discord:
Join the Threat Hunter Community: https://discord.gg/threathunter

–––– For Certificates, Register and Watch Here:
https://zoom.us/webinar/register/6516462565714/WN_HKOQZDF0SIyOETLyEgq0Aw


R.I.T.A. (Real Intelligence Threat Analytics) is an open-source framework for detecting command and control communication through network traffic analysis. But how exactly does RITA work? How is RITA able to find beacons and account for jitter?

In this webcast, Chris Brenton and Lisa Woody will discuss the inner workings of RITA and how it is able to threat hunt your network traffic so effectively.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

32 1

March 3rd, 2022

–––– Chat in Discord:
Join the Threat Hunter Community: https://discord.gg/threathunter

–––– For Certificates, Register and Watch Here:
https://zoom.us/webinar/register/WN_l2iAjEMsSW-AzN1DXPEgGg

Our "Malware of the Day" blog series has become a huge hit over the last year and a half! The goal of the blog series is to help people more easily identify potential threats on their network by becoming familiar with the network communication methods commonly seen from observed malware.

We have received a lot of great feedback on how helpful the blogs are to the community, as well as gotten a lot of requests to do a live webcast for the series. The community asked... so we answered! Join Keith Chew (creator of the blog series) Wednesday, March 2nd in this Malware of the Day - Webcast Edition!

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

20 0

March 1st, 2022

Lab & Slide Deck Downloads can be found here: https://www.activecountermeasures.com/cyber-threat-hunting-training-course/

Pre-show Banter – 0:00:00
Training Begins – 0:21:41
Hands-on Labs – 2:58:42

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

Sign up for our mailing list to stay updated on future webcasts and training: https://www.activecountermeasures.com/subscribe/

61 2