C2 Phone Home - Leveraging Security Onion to Identify Command and Control Channels
Offered By: Security Onion via YouTube
Course Description
Overview
Explore command and control (C2) channel identification techniques using Security Onion in this conference talk from Security Onion Conference 2016. Delve into Eric Conrad's presentation on leveraging Security Onion to detect various C2 communication methods, including Echo Request, SSH Tunnel, ICMP, and DNS-based techniques. Learn about whitelisting, blacklisting, and analyzing long requests, DNS resolution, and subdomain patterns. Gain insights into using Server View and Client View for effective C2 detection, and discover practical tips for identifying raw UDP and null DNS records. Enhance your network security skills with this comprehensive overview of C2 channel detection strategies.
Syllabus
Intro
Echo Request
SSH Tunnel
ICMP
White Cap
Blacklist
Whitelist
Justin Henderson
Long Requests
DNS Resolution
DNS Sales
DNS CAD
Server View
Client View
DNS
subdomains
bro
use case
oneliner
GMB
IDO
Raw UDP
Null DNS Records
Wrapup
Taught by
Security Onion
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network