Webcasts

Webcast Archive

Want to attend our webcasts live? See what’s coming next on our Events page.

A video summary by Faan Rossouw of the Malware of the Day - XenoRAT
/// 🔗 Blog post located here: https://www.activecountermeasures.com/malware-of-the-day-xenorat/

/// 🔗 PEStudio:
https://www.winitor.com/download

/// 🔗 TypeRefHasher:
https://github.com/GDATASoftwareAG/TypeRefHasher/releases

/// 🔗 Get AC-Hunter CE - 
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

/// 🔗 Register for future webcasts, summits, and workshops – 
https://blackhillsinfosec.zoom.us/ze/hub/stadium


///Our Threat Hunting Tool ~ AC-Hunter (Formerly AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter


///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wild West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

XenoRAT | Malware of the Day

/// 🔗 Lab Resources & FAQ here – 
https://www.activecountermeasures.com/hunt-training/

/// ➡️  Register for the next Threat Hunter Training Course Here - 
https://www.activecountermeasures.com/hunt-training/

/// 🔗 Get AC-Hunter CE - 
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

/// 🔗 Register for future webcasts, summits, and workshops – 
https://blackhillsinfosec.zoom.us/ze/hub/stadium

2024-04-12 Cyber Threat Hunting Level 1 - Chris Brenton

🔗 blog post located here: https://www.activecountermeasures.com/malware-of-the-day-tunneled-c2-beaconing/

A video summary by Faan Rossouw of the Malware of the Day - Tunneled C2 Beaconing

🔗 Get AC-Hunter CE
https://www.activecountermeasures.com/ac-hunter-community-edition/

🔗 Register for future webcasts, summits, and workshops - https://blackhillsinfosec.zoom.us/ze/hub/stadium


Malware of the Day - Tunneled C2 Beaconing

/// Reference Document for this Webcast:
https://www.activecountermeasures.com/wp-content/uploads/2024/01/Top_Ten_Network_Tools_and_Techniques.pdf

Chris and Bill are seasoned networking adventurers with years of expertise, fearlessly exploring the realms of connectivity and safeguarding digital domains through their mastery in networking security.


In this webcast, William Stearns and Chris Brenton will go through their top 10 security tools and techniques for decoding packets and working with network streams. The focus will be on open-source tools and scripts that anyone can apply to their own environment.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

Index / Links:
00:39 - Smart TTY
https://sysprogs.com/SmarTTY/
Dependency: Visual Studio Community Edition
https://visualgdb.com/vscommunity

04:39 - ssh prep
https://github.com/william-stearns/sshprep
https://www.youtube.com/watch?v=62hps0XZkN8

08:44 - Print tshark fields

15:44 - Screen for Long-Running Commands
http://www.stearns.org/doc/screen-for-detachable-sessions.html

20:17 - Payload Simulator

29:25 - gkrellm for System Status
http://www.stearns.org/doc/network-monitoring.current.html
Other tools for visibility:
https://www.activecountermeasures.com/peering-inside/
https://www.youtube.com/watch?v=-GfqEI1yLGM&t=72s

32:33 - Count Connects Per Hour in pcaps and Zeek Logs
https://random-class.s3.amazonaws.com/beacon-tshark
https://random-class.s3.amazonaws.com/beacon-data

39:50 - rsync File Mirroring
http://www.stearns.org/doc/rsync-quickstart.txt

44:46 - Print Packet Payloads with tshark

52:25 - Filtering with BPF
https://www.activecountermeasures.com/?s=BPF
https://www.activecountermeasures.com/filtering-out-high-volume-traffic/

Our Top 10 Networking Tools & Techniques w/ Chris & Bill

/// 🔗 Lab Resources & FAQ here – 
https://www.activecountermeasures.com/hunt-training/

/// ➡️  Register for the next Threat Hunter Training Course Here - 
https://www.activecountermeasures.com/hunt-training/

/// 🔗 Get AC-Hunter CE - 
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

🛝  Class VMs
You only need one of these!
They are all the same, just tweaked for different platforms.
Hash is SHA256
VirtualBox
https://thunt-level1.s3.amazonaws.com/vbox-thunt-L1-202308.zip
5CF82AAEA859F9297CB33569BCFDC5023CAB87E78BD7605C82844D65BB41B899
Generic OVF
https://thunt-level1.s3.amazonaws.com/ovf-thunt-L1-202308.zip
D210F54CDC3E425E10C8FF66AE7F9B1EF0AC5924CE6A5543E1DDDC765252F992
VMware
https://thunt-level1.s3.amazonaws.com/vmware-thunt-L1-202308.zip
57E63852D10BC3C0D9F5B86E369FEFA555D8BF6B6ADA5D31A3E175F9B5109144
3

Cyber Threat Hunting Level 1 | Chris Brenton | December 2023

Cyber Threat Hunting Level 1 | Chris Brenton | October 2023

Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We appreciate your feedback so we can keep providing the type of content the community wants to see. Please feel free to email us with your ideas!

Latest Active Countermeasures Blog Posts: