Hunting C2 Beaconing at Scale in the Modern Age

Views: 3,117   |   Uploaded: 1 year ago
SANS Digital Forensics and Incident Response
As organizations continue to adopt new applications and services, more network traffic is beginning to resemble beaconing activity. Furthermore, threat actors employ domain fronting and malleable profiles to make their C2 traffic look normal. As a result, it becomes increasingly difficult to distinguish malicious traffic from benign traffic. In this talk, I will explain the difficulties and demonstrate a new method for effectively identifying malicious beaconing traffic at scale. I will also release the Jupyter Notebook I have developed.

SANS DFIR Summit 2023

Speaker: Mehmet Ergene, Security Researcher & Data Scientist, Binalyze
