03-03-2021 ACM Webcast: Are Beacons Evil?

Active Countermeasures Webcast


Are Beacons Evil?

We all know that beacons – regular connections between systems – are commonly used to carry instructions and data in a command and control channel. But that raises an interesting question; are Beacons always malicious? In this presentation by Active Countermeasures’, Keith Chew, & Bill Stearns, we’ll look at the Threat types normally associated with command and control traffic and see how legitimate application traffic can show up.

We’ll go over the types of traffic and how to identify and whitelist them.

Download Slide Deck

Presented by: Bill Stearns & Keith Chew


  • 00:00​ – PreShow Banter™ — Evil Bacon
  • 04:27​ – Threat Types to Consider
  • 12:07​ – It’s a Beacon, It MUST Be Evil!
  • 18:02​ – Benign Traffic That Look Like Threats
  • 45:12​ – What if I Don’t Know?
  • 49:12​ – Whitelisting Support
  • 52:04​ – References
  • 56:53​ – Thanks & Questions
AC-Hunter Datasheet
AC-Hunter Personal Demo
What We’re up To