Basics

Detecting long connections:

https://www.blackhillsinfosec.com/detecting-long-connections-with-zeek-bro-and-rita/

Detecting beacons:

Detecting TLS C2:

DNS:

https://www.activecountermeasures.com/threat-simulation-dns/

PreviousRedirectors/Relays NextBeacons

Last updated 4 years ago