Webcasts

/// 🔗 Lab Resources & FAQ here –
https://www.activecountermeasures.com/hunt-training/

/// ➡️ Register for the next Threat Hunter Training Course Here -
https://www.activecountermeasures.com/hunt-training/

/// 🔗 Get AC-Hunter CE -
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

/// 🔗 Register for future webcasts, summits, and workshops –
https://blackhillsinfosec.zoom.us/ze/hub/stadium

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

27 1

🔗 blog post located here: https://www.activecountermeasures.com/malware-of-the-day-tunneled-c2-beaconing/

A video summary by Faan Rossouw of the Malware of the Day - Tunneled C2 Beaconing

🔗 Get AC-Hunter CE
https://www.activecountermeasures.com/ac-hunter-community-edition/

🔗 Register for future webcasts, summits, and workshops - https://blackhillsinfosec.zoom.us/ze/hub/stadium


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

26 1

/// 🔗 For Certificates, Register and Watch Here - https://blackhillsinfosec.zoom.us/ze/hub/stadium

We're lucky to have hundreds of awesome packet sniffers to choose from, but what happens when none of them do exactly what you want?

When there's no off-the-shelf tool to handle the task, consider writing your own sniffer!

In this Active Countermeasures webcast, Bill Stearns will teach you how to build your own sniffer using a skeleton that handles a huge amount of the grunt work.

The talk will be most valuable to those interested in packet sniffing, packet analysis, and network security. We'll provide a template for a python program you can use for your own projects, but you don't have to be a python programmer to join us and see how this works.

Chat with your fellow attendees in the Threat Hunter Community Discord server here: https://discord.gg/threathunter -- in the #🔴live-webcast-chat

35 1

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

71 2

/// Reference Document for this Webcast:
https://www.activecountermeasures.com/wp-content/uploads/2024/01/Top_Ten_Network_Tools_and_Techniques.pdf

Chris and Bill are seasoned networking adventurers with years of expertise, fearlessly exploring the realms of connectivity and safeguarding digital domains through their mastery in networking security.


In this webcast, William Stearns and Chris Brenton will go through their top 10 security tools and techniques for decoding packets and working with network streams. The focus will be on open-source tools and scripts that anyone can apply to their own environment.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

Index / Links:
00:39 - Smart TTY
https://sysprogs.com/SmarTTY/
Dependency: Visual Studio Community Edition
https://visualgdb.com/vscommunity

04:39 - ssh prep
https://github.com/william-stearns/sshprep
https://www.youtube.com/watch?v=62hps0XZkN8

08:44 - Print tshark fields

15:44 - Screen for Long-Running Commands
http://www.stearns.org/doc/screen-for-detachable-sessions.html

20:17 - Payload Simulator

29:25 - gkrellm for System Status
http://www.stearns.org/doc/network-monitoring.current.html
Other tools for visibility:
https://www.activecountermeasures.com/peering-inside/
https://www.youtube.com/watch?v=-GfqEI1yLGM&t=72s

32:33 - Count Connects Per Hour in pcaps and Zeek Logs
https://random-class.s3.amazonaws.com/beacon-tshark
https://random-class.s3.amazonaws.com/beacon-data

39:50 - rsync File Mirroring
http://www.stearns.org/doc/rsync-quickstart.txt

44:46 - Print Packet Payloads with tshark

52:25 - Filtering with BPF
https://www.activecountermeasures.com/?s=BPF
https://www.activecountermeasures.com/filtering-out-high-volume-traffic/

46 1

🛝 Class VMs
You only need one of these!
They are all the same, just tweaked for different platforms.
Hash is SHA256
VirtualBox
https://thunt-level1.s3.amazonaws.com/vbox-thunt-L1-202308.zip
5CF82AAEA859F9297CB33569BCFDC5023CAB87E78BD7605C82844D65BB41B899
Generic OVF
https://thunt-level1.s3.amazonaws.com/ovf-thunt-L1-202308.zip
D210F54CDC3E425E10C8FF66AE7F9B1EF0AC5924CE6A5543E1DDDC765252F992
VMware
https://thunt-level1.s3.amazonaws.com/vmware-thunt-L1-202308.zip
57E63852D10BC3C0D9F5B86E369FEFA555D8BF6B6ADA5D31A3E175F9B5109144
3

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

62 2

/// 🔗 Get AC-Hunter CE
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

66 3

/// 🔗 Get AC-Hunter CE
https://www.activecountermeasures.com/ac-hunter-community-edition/download/

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

41 0

/// 📄 For Certificates, Register and Watch Here -
https://blackhillsinfosec.zoom.us/webinar/register/2616956597063/WN_DHwItAOvSV6CGsgvogWKQQ

For this webcast, we have invited guest speaker Faan Rossouw to discuss his approach to threat hunting.

This talk will explore how we can use live memory analysis (using Process Hacker) to identify diagnostic characteristics of standard -injected C2 beacons. In the first half we will explore the theory underpinning the approach, followed up by a live demo.

Note that this talk forms part of a larger overall approach to threat hunting, which is fully explored in a free hands-on threat-hunting course Faan created specifically for beginners - https://www.faanross.com/posts/course01/

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

50 2