C2 Matrix

Basics

Last updated 5 years ago

Detecting long connections:

https://www.blackhillsinfosec.com/detecting-long-connections-with-zeek-bro-and-rita/

Detecting beacons:

https://www.activecountermeasures.com/threat-simulation-beacons
https://www.blackhillsinfosec.com/detecting-malware-beacons-with-zeek-and-rita/

Detecting TLS C2:

  • Certificate Issues: https://www.activecountermeasures.com/threat-simulation-certificate-issues/
  • https://www.activecountermeasures.com/threat-simulation-client-signatures-tls-signature/

DNS:

https://www.activecountermeasures.com/threat-simulation-dns/