05-06-2020 ACM Webcast: Testing Your Threat Hunt Platform

Active Countermeasures Webcast


Testing Your Threat Hunt Platform

Because Threat Hunting is such a new discipline, it’s not always clear what Threats a particular package can detect. In this webcast, Bill Stearns and Keith Chew will walk you through testing your Threat Hunting software to make sure it is working properly and can detect different types of unwanted traffic. This is a walkthrough of the process for detecting DNS beaconing and Metasploit. After this webcast, you should be all set to do testing on the other threat traffic types.

slide deck can be found Here inside the ACM_Webcasts folder

In preparation for this webcast, check out our Threat Simulation blog series Here

Presented by: Bill Stearns & Keith Chew


  • 0:00 – Before We Start
  • 3:06 – Threat Simulation: Testing Threat Hunting Software
  • 4:29 – OK, But Why?
  • 6:11 – Approach
  • 8:32 – Network Layout
  • 9:11 – Setup
  • 14:24 – Actual Testing
  • 15:37 – Detecting DNS C2 Traffic
  • 17:41 – DNS Live Demo
  • 29:17 – What We Look For
  • 30:08 – If Not Detected?
  • 36:36 – Metasploit Framework
  • 1:00:55 – More Information
  • 1:01:45 – Questions From Discord Chat
  • 1:16:44 – Peanut Butter & Jelly
AC-Hunter Datasheet
AC-Hunter Personal Demo
Subscribe to Our Blog

Sign up for email notifications of our new blog posts, threat hunting training, webcasts and other relevant information.

We are not spammy and you can unsubscribe at any time :)

* indicates required