Webcasts

14 hours ago

DOWNLOAD CLASS LABS: https://www.activecountermeasures.com/hunt-training/

Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

16 3

March 15th, 2023

You read that correctly, we are releasing a free version of our network threat hunting tool, AC-Hunter! As a community, we face an exhaustive number of challenges. There is the gap in needed threat hunting skills, the increase in dwell time of successful attacks, as well as the steadily increasing cost of recovery. Clearly, we need better tooling that can help even junior analysts take the fight to our adversaries.

So we’ve decided to release a free version of AC-Hunter to ensure that “price” is not an inhibitor to threat hunting your environment. In this webcast, we will prove a first look at the tool. We will also be announcing free training on how to download, deploy and manage the tool. Come join the webcast and help us make 2023 the year we start reversing the data breach trends!

///AC-Hunter Community Edition!
https://www.activecountermeasures.com/ac-hunter-community-edition/

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

///Chapters
00:00 - Introducing AC-Hunter Community Edition!
00:28 - Why release a Community Edition?
01:48 - RITA Vs AC-Hunter
02:13 - ACH CE Vs ACH Enterprise
03:19 - DEMO
03:52 - AC-Hunter Features – Canary Tokens
06:22 - Safe list Entries
07:36 - Jitter Detection?
12:42 - Important Data Up Front, Visually Presented
13:34 - Verifying an IP?
16:35 - It’s Been A Long Connection, and I Have Reason To Believe…
19:00 - Gauge Scope of a Potential Compromise
21:56 - Threat Intel - Not Very Helpful
24:52 - This is how we do “Threat Intel”
27:32 - Dealing with Proxies
28:14 - Dealing with CDNs
30:10 - Strobes
31:49 - DNS Module
36:45 - Data Feeds
38:39 - Install Options
40:09 - LINK: AC-Hunter Community Edition : https://www.activecountermeasures.com/ac-hunter-community-edition/
41:05 - Questions?
41:25 - Q: Syslog Alerting?
43:01 - Q: Enterprise network install?
43:44 - Q: AC-Hunter CE in a CCDC environment?
44:03 - Q: Beaker and AC-Hunter Community Edition?
45:40 - Q: AC-Hunter CE on a box with a network span port?
47:15 - Q: Link AC-Hunter CE to existing solutions?
48:27 - Q: Docker Container?
49:28 - Q: What’s the attack surface of AC-Hunter
52:16 - Q: Log rotation interval?
53:29 - Q: Traffic samples for DEMO
56:51 - Q: AC-Hunter CE Zeek Logs?
58:12 - Q: AC-Hunter CE CTF?
58:52 - Q: Final Thoughts

///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

15 0

January 21st, 2023

00:00 - Using Roles
01:16 - Where to get roles?
04:31 - Putting it all together
06:55 - Ansible Tips
08:53 - DEMO TIME
16:20 - Questions and Closing

Are you a red or blue teamer trying to automate infrastructure tasks? Ansible may be your solution! We are talking about the open-source automation framework that is used to provision, deploy, and manage compute infrastructure across cloud, virtual, and physical environments. In this webcast, Dave Quartarolo will be discussing getting started with the Ansible automation language.


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

9 1

January 21st, 2023

00:00 - Ad Hoc Commands
02:56 - Connecting to Hosts
05:25 - Privilege Escalation
06:58 - Real Quick – YAML
12:06 - Playbooks
17:09 - Variables
18:58 - Playbooks (2)
23:03 - Just the Facts


Are you a red or blue teamer trying to automate infrastructure tasks? Ansible may be your solution! We are talking about the open-source automation framework that is used to provision, deploy, and manage compute infrastructure across cloud, virtual, and physical environments. In this webcast, Dave Quartarolo will be discussing getting started with the Ansible automation language.


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

8 0

January 20th, 2023

00:00 - FEATURE PRESENTATION: All About Ansible! Part 1
01:51 - All About David Quartarolo
03:16 - Why Ansible?
04:47 - What is Ansible?
09:48 - Why Should I Use It?
12:38 - Before We Start
15:02 - Building an Inventory

Are you a red or blue teamer trying to automate infrastructure tasks? Ansible may be your solution! We are talking about the open-source automation framework that is used to provision, deploy, and manage compute infrastructure across cloud, virtual, and physical environments. In this webcast, Dave Quartarolo will be discussing getting started with the Ansible automation language.


///Active Countermeasures Socials
Twitter: https://twitter.com/ActiveCmeasures
LinkedIn: https://www.linkedin.com/company/active-countermeasures/
Discord: https://discord.gg/threathunter

///Our Threat Hunting Tool ~ AC-Hunter (Formally AI-Hunter)
Features - https://www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - https://www.activecountermeasures.com/live-demo/

///Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com/free-tools/

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: https://www.activecountermeasures.com/blog/
Active Countermeasures YouTube: https://youtube.com/activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pay-what-you-can/
Advanced: https://www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/

Active Countermeasures Shirts
https://spearphish-general-store.myshopify.com/collections/active-countermeasures

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wld West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

23 1

December 14th, 2022

Active Countermeasures has a new tool for you! SMUDGE is a purely passive fingerprinting tool that identifies systems via TCP SYN packets. This completely free and opensource tool uses a curated list of verified signatures to help you identify even more about your traffic.


Please join us to learn all about SMUDGE!

4 0

October 17th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-shorts-collecting-the-right-data-video-blogs/

18 0

October 17th, 2022

24 0

October 5th, 2022

///Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast https://discord.gg/threathunter

///Chris Brenton from Active Countermeasures is conducting another free, one-day, Cyber Threat Hunting Training online course!

We have had over 20,000 students attend our training live!

One of the biggest challenges in security today is identifying when our protection tools have failed and a threat actor has made it onto our network.

In this free, one-day (6-hours) course, we will cover how to leverage network and host data to perform a cyber threat hunt.

The focus will be on processes and techniques that can be used to protect:
- Desktops
- Servers
- Network gear
- IIoT
- BYOD system

The course includes hands-on labs using packet captures of various command and control channels.

We will also discuss how you can use our new Sysmon tool BeaKer to detect attacks on the host with Sysmon... for free!

The labs will enable you to apply what you've learned using various open-source tools.

By the end of the course, you’ll understand the tools and techniques needed to perform compromise assessments within your own environment. While the course will be available later for download, live attendees will receive a "Cyber Security Threat Hunter Level-1" certificate.

Why are we doing it? Cyber threat hunting is a relatively new discipline. As an industry, we are still formulating standards and procedures. We want to do our part by giving back to the security community. We are hoping that by sharing what we've learned we can help spark new ideas and threat hunting tools. Let's build a community and solve these problems together.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast https://discord.gg/threathunter

This will be a live course with QA available. Pre-show Banter and Set-up questions will start at 10:30am ET. The Presentation will begin at 11am ET.

Labs last updated July 9th 2022

65 3