C2 Phone Home - Leveraging Security Onion to Identify Command and Control Channels
Offered By: Security Onion via YouTube
Course Description
Overview
Explore command and control (C2) channel identification techniques using Security Onion in this conference talk from Security Onion Conference 2016. Delve into Eric Conrad's presentation on leveraging Security Onion to detect various C2 communication methods, including Echo Request, SSH Tunnel, ICMP, and DNS-based techniques. Learn about whitelisting, blacklisting, and analyzing long requests, DNS resolution, and subdomain patterns. Gain insights into using Server View and Client View for effective C2 detection, and discover practical tips for identifying raw UDP and null DNS records. Enhance your network security skills with this comprehensive overview of C2 channel detection strategies.
Syllabus
Intro
Echo Request
SSH Tunnel
ICMP
White Cap
Blacklist
Whitelist
Justin Henderson
Long Requests
DNS Resolution
DNS Sales
DNS CAD
Server View
Client View
DNS
subdomains
bro
use case
oneliner
GMB
IDO
Raw UDP
Null DNS Records
Wrapup
Taught by
Security Onion
Related Courses
Computer Networks and the InternetKiron via edX Networking Concepts for Beginners
Udemy TCP/IP in der Praxis - Netzwerk-Kommunikation live erleben
Udemy Protocol Deep Dive: ICMP
Pluralsight Network+ Breakdowns and Labs
YouTube