Webcasts

Webcast Archive

Want to attend our webcasts live? See what’s coming next on our Events page.

/// Reference Document for this Webcast:
https://www.activecountermeasures.com/wp-content/uploads/2024/01/Top_Ten_Network_Tools_and_Techniques.pdf

Chris and Bill are seasoned networking adventurers with years of expertise, fearlessly exploring the realms of connectivity and safeguarding digital domains through their mastery in networking security.


In this webcast, William Stearns and Chris Brenton will go through their top 10 security tools and techniques for decoding packets and working with network streams. The focus will be on open-source tools and scripts that anyone can apply to their own environment.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formerly AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wild West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

Index / Links:
00:39 - Smart TTY
https://sysprogs.com/SmarTTY/
Dependency: Visual Studio Community Edition
https://visualgdb.com/vscommunity

04:39 - ssh prep
https://github.com/william-stearns/sshprep
https://www.youtube.com/watch?v=62hps0XZkN8

08:44 - Print tshark fields

15:44 - Screen for Long-Running Commands
http://www.stearns.org/doc/screen-for-detachable-sessions.html

20:17 - Payload Simulator

29:25 - gkrellm for System Status
http://www.stearns.org/doc/network-monitoring.current.html
Other tools for visibility:
https://www.activecountermeasures.com/peering-inside/
https://www.youtube.com/watch?v=-GfqEI1yLGM&t=72s

32:33 - Count Connects Per Hour in pcaps and Zeek Logs
https://random-class.s3.amazonaws.com/beacon-tshark
https://random-class.s3.amazonaws.com/beacon-data

39:50 - rsync File Mirroring
http://www.stearns.org/doc/rsync-quickstart.txt

44:46 - Print Packet Payloads with tshark

52:25 - Filtering with BPF
https://www.activecountermeasures.com/?s=BPF
https://www.activecountermeasures.com/filtering-out-high-volume-traffic/

Our Top 10 Networking Tools & Techniques w/ Chris & Bill

/// 🔗 Lab Resources & FAQ here – 
https://www.activecountermeasures.com/hunt-training/

/// ➡️  Register for the next Threat Hunter Training Course Here - 
https://www.activecountermeasures.com/hunt-training/

/// 🔗 Get AC-Hunter CE - 
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

🛝  Class VMs
You only need one of these!
They are all the same, just tweaked for different platforms.
Hash is SHA256
VirtualBox
https://thunt-level1.s3.amazonaws.com/vbox-thunt-L1-202308.zip
5CF82AAEA859F9297CB33569BCFDC5023CAB87E78BD7605C82844D65BB41B899
Generic OVF
https://thunt-level1.s3.amazonaws.com/ovf-thunt-L1-202308.zip
D210F54CDC3E425E10C8FF66AE7F9B1EF0AC5924CE6A5543E1DDDC765252F992
VMware
https://thunt-level1.s3.amazonaws.com/vmware-thunt-L1-202308.zip
57E63852D10BC3C0D9F5B86E369FEFA555D8BF6B6ADA5D31A3E175F9B5109144

Cyber Threat Hunting Level 1 | Chris Brenton | December 2023

Cyber Threat Hunting Level 1 | Chris Brenton | October 2023

Cyber Threat Hunting Level 1 | Chris Brenton | August 2023

An Introduction to Threat Hunter Training Level 1 | Chris Brenton

In this webcast we look at what passive fingerprinting is and how to use Active Countermeasures' open-source tool SMUDGE. (Links below)

/// 📄 Github Repository 
https://github.com/activecm/smudge

/// 📄 Signature Repository
https://github.com/activecm/tcp-sig-ison

/// 📄 AC-Hunter CE Info
https://www.activecountermeasures.com/ac-hunter-community-edition/

/// 📄 David Quartarolo Contact
Linkedin - https://www.linkedin.com/in/david-quartarolo/
Github - https://github.com/but-i-am-dominator
Mastodon - https://infosec.exchange/@dominator

///Chapters
00:00 - Passive Fingerprinting with SMUDGE | David Quartarolo
00:58 - Why We did this.
06:08 - The Behavior of TCP Packets
07:43 - What is Passive Fingerprinting?
14:35 - Why not p0f?
19:35 - Install DEMO
25:48 - User Friendly features.
43:29 - Options Layout
43:55 - Quirks
45:23 - Flowchart
45:48 - Questions?!

Passive Fingerprinting with SMUDGE | David Quartarolo

Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We appreciate your feedback so we can keep providing the type of content the community wants to see. Please feel free to email us with your ideas!

Latest Active Countermeasures Blog Posts: