03-03-2021 ACM Webcast: Are Beacons Evil?

Active Countermeasures Webcast

03-03-2021

Are Beacons Evil?

We all know that beacons – regular connections between systems – are commonly used to carry instructions and data in a command and control channel. But that raises an interesting question; are Beacons always malicious? In this presentation by Active Countermeasures’, Keith Chew, & Bill Stearns, we’ll look at the Threat types normally associated with command and control traffic and see how legitimate application traffic can show up.

We’ll go over the types of traffic and how to identify and whitelist them.

Download Slide Deck

Presented by: Bill Stearns & Keith Chew

Timeline:

  • 00:00​ – PreShow Banter™ — Evil Bacon
  • 03:30​ – FEATURE PRESENTATION:
  • 04:27​ – Threat Types to Consider
  • 12:07​ – It’s a Beacon, It MUST Be Evil!
  • 18:02​ – Benign Traffic That Look Like Threats
  • 45:12​ – What if I Don’t Know?
  • 49:12​ – Whitelisting Support
  • 52:04​ – References
  • 56:53​ – Thanks & Questions
AC-Hunter Datasheet
AC-Hunter Personal Demo
What We’re up To
Archives

We're always up to cool threat hunting stuff at Active Countermeasures. Sometimes we want to share our cool stuff and we'll mail it to this list. We are not spammy, and no salesy junk!

* indicates required



Choose the Email Categories You Want to Receive:

(un-check any you don't want)


We're always up to cool threat hunting stuff at Active Countermeasures. Sometimes we want to share our cool stuff and we'll mail it to this list. We are not spammy, and no salesy junk!

* indicates required



Choose the Email Categories You Want to Receive:

(un-check any you don't want)