Webcasts

/// 📄 For Certificates, Register and Watch Here -
https://blackhillsinfosec.zoom.us/webinar/register/2616956597063/WN_DHwItAOvSV6CGsgvogWKQQ

For this webcast, we have invited guest speaker Faan Rossouw to discuss his approach to threat hunting.

This talk will explore how we can use live memory analysis (using Process Hacker) to identify diagnostic characteristics of standard -injected C2 beacons. In the first half we will explore the theory underpinning the approach, followed up by a live demo.

Note that this talk forms part of a larger overall approach to threat hunting, which is fully explored in a free hands-on threat-hunting course Faan created specifically for beginners - https://www.faanross.com/posts/course01/

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

24 1

/// ➡️ Register for the next Threat Hunter Training Course Here
https://www.activecountermeasures.com/hunt-training/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

27 1

/// 📄 Get AC-Hunter CE
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

35 4

In this webcast we are looking into what passive fingerprinting is and how to use Active Countermeasure's open-source tool SMUDGE. (Links below)

/// 📄 Github Repository
https://github.com/activecm/smudge

/// 📄 Signature Repository
https://github.com/activecm/tcp-sig-ison

/// 📄 AC-Hunter CE Info
https://www.activecountermeasures.com/ac-hunter-community-edition/

/// 📄 David Quartarolo Contact
Linkedin - https://www.linkedin.com/in/david-quartarolo/
Github - https://github.com/but-i-am-dominator
Mastodon - https://infosec.exchange/@dominator

///Chapters
00:00 - Passive Fingerprinting with SMUDGE | David Quartarolo
00:58 - Why We did this.
06:08 - The Behavior of TCP Packets
07:43 - What is Passive Fingerprinting?
14:35 - Why not p0f?
19:35 - Install DEMO
25:48 - User Friendly features.
43:29 - Options Layout
43:55 - Quirks
45:23 - Flowchart
45:48 - Questions?!

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/


Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

#ACHunter #ActiveCountermeasures #ThreatHunting #Threatintel #Cybersecurity #Infosec

10 0

Have you heard of the PROMPT# Magazine? It's a Free Infosec zine created by Black Hill Information Security. The most recent issue was all about Threat Hunting, and the content was created by ACM team members!

In this webcast, we will talk all about PROMPT# and hear from some of the threat hunting issue contributors.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

7 0

/// ➡️ AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/

/// ➡️ Get AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

/// ➡️ AC-Hunter™ General Info
https://www.activecountermeasures.com/ac-hunter/

/// ➡️ AC-Hunter™ Pricing – Let The Hunt Begin!
https://www.activecountermeasures.com/ac-hunter-pricing/

/// ➡️ AC-Hunter™Interactive Demo Space
https://www.activecountermeasures.com/live-demo/


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

4 0

/// ➡️ AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/

/// ➡️ Get AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

/// ➡️ AC-Hunter™ General Info
https://www.activecountermeasures.com/ac-hunter/

/// ➡️ AC-Hunter™ Pricing – Let The Hunt Begin!
https://www.activecountermeasures.com/ac-hunter-pricing/

/// ➡️ AC-Hunter™Interactive Demo Space
https://www.activecountermeasures.com/live-demo/


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

2 0

/// ➡️ AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/

/// ➡️ Get AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

/// ➡️ AC-Hunter™ General Info
https://www.activecountermeasures.com/ac-hunter/

/// ➡️ AC-Hunter™ Pricing – Let The Hunt Begin!
https://www.activecountermeasures.com/ac-hunter-pricing/

/// ➡️ AC-Hunter™Interactive Demo Space
https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

3 0

/// ➡️ AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/

/// ➡️ Get AC-Hunter™ Community Edition
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

/// ➡️ AC-Hunter™ General Info
https://www.activecountermeasures.com/ac-hunter/

/// ➡️ AC-Hunter™ Pricing – Let The Hunt Begin!
https://www.activecountermeasures.com/ac-hunter-pricing/

/// ➡️ AC-Hunter™Interactive Demo Space
https://www.activecountermeasures.com/live-demo/

00:00 - Dashboard
00:13 - Main Interface
00:48 - Example IP breakdown
01:08 - Data Access Two Ways
01:46 - Deep Diving IP Address
02:01 - System Threat Scores
02:56 - DNS Module

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

8 0