Active Countermeasures
@ActiveCmeasures
Followers 4K · Following 687 · Media 226 · Statuses 735
Threat Hunting your network has never been so awesome! Creators of AC-Hunter. Contact us for a personal Q&A session.
Joined February 2018
A simple tool in the wrong hands becomes a silent backdoor. We simulated XenoRAT to analyze its SOCKS5 reverse proxy techniques. For defenders, spotting these patterns is vital to stopping the threat. Read the analysis by @faanross:
activecountermeasures.com
What is Malware of the Day? Lab Setup Malware: XenoRAT MITRE Tactics: TA0011 Command and Control, T1571 Non-Standard Port Traffic Type: […]
A foundational protocol designed for network health is being weaponized by threat actors. ICMP, the simple troubleshooting tool, can be used to bypass defenses and maintain a covert C2 channel. Is your team hunting the echoes? Read the analysis:
activecountermeasures.com
What is Malware of the Day? Lab Setup Malware: Custom Go-based C2 (ICMP-GOSH) MITRE Tactics: TA0011 Command and Control, T1071 Application Layer […]
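One way to hunt for the ICMP channel the post above describes, as an added example that is not Active Countermeasures' or the ICMP-GOSH lab's own code. The echo records are constructed and the thresholds are assumptions to tune per network. The idea it demonstrates: a normal ping carries a fixed, small payload (56 bytes on Linux, 32 on Windows), while a tunnel has to carry whatever the operator sends, so payload size drifts and the per-pair volume climbs.

```python
"""Hunt for ICMP-tunnelled C2 in echo-request traffic (added example)."""
import statistics
from collections import defaultdict

# Constructed sample: (src, dst, payload_bytes) for ICMP echo requests only.
MONITOR = [("10.0.0.2", "10.0.0.1", 56)] * 20          # uptime-monitor ping, fixed payload
WORKSTATION = [("10.0.0.7", "10.0.0.1", 32)] * 4       # one manual "ping" from a Windows box
TUNNEL_SIZES = [212, 1024, 1460, 88, 1460, 640, 1460, 305, 1460, 1200,
                1460, 77, 1460, 990, 1460, 430]        # data-driven sizes, MTU-sized bursts
TUNNEL = [("10.0.0.5", "203.0.113.9", s) for s in TUNNEL_SIZES]
SAMPLE_ECHOES = MONITOR + WORKSTATION + TUNNEL


def icmp_pair_stats(echoes):
    """Group echo requests by (src, dst) and summarise payload behaviour."""
    sizes = defaultdict(list)
    for src, dst, payload in echoes:
        sizes[(src, dst)].append(payload)
    stats = {}
    for pair, s in sizes.items():
        stats[pair] = {
            "requests": len(s),
            "total_bytes": sum(s),
            "size_stdev": statistics.pstdev(s) if len(s) > 1 else 0.0,
            "distinct_sizes": len(set(s)),
        }
    return stats


def hunt_icmp_tunnels(echoes, min_requests=10, min_stdev=100.0, min_distinct=4):
    """Return the (src, dst) pairs whose echo payloads behave like a data channel.

    Assumed thresholds: enough requests to judge, then either a payload-size
    spread (stdev) or a variety of sizes that a fixed-size ping never produces.
    Caveat: a constant 'ping -s 1400' is not caught by this rule; hunt that
    separately on total_bytes per pair.
    """
    flagged = {}
    for pair, st in icmp_pair_stats(echoes).items():
        if st["requests"] < min_requests:
            continue
        if st["size_stdev"] >= min_stdev or st["distinct_sizes"] >= min_distinct:
            flagged[pair] = st
    return flagged


if __name__ == "__main__":
    for pair, st in hunt_icmp_tunnels(SAMPLE_ECHOES).items():
        print(f"{pair[0]} -> {pair[1]}: {st['requests']} echoes, "
              f"{st['total_bytes']} bytes, payload stdev {st['size_stdev']:.0f}")
```

Run against real data, the echo tuples would come from a packet capture or a Zeek conn.log filtered to proto=icmp; the monitor host and the short manual ping drop out, and the variable-size burst to 203.0.113.9 is the only pair left to investigate.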
You blocked the IPs, but the payload still arrived. How? It came in over DNS. Joker Screenmate hides tools and data inside TXT records, delivering malware under the cover of normal-looking DNS traffic. More here:
activecountermeasures.com
What is Malware of the Day? Lab Setup Malware: Joker Screenmate (DNS C2 variant) MITRE Tactics: TA0011 Command and Control, T1071.004 Application […]
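A hunt for the DNS TXT delivery channel the post above describes, as an added example that is not Active Countermeasures' or the Joker Screenmate lab's own code. The resolver records are constructed and shaped loosely like Zeek dns.log fields; the thresholds are assumptions, and the registered-domain helper is a deliberate simplification (real code uses the Public Suffix List). Legitimate TXT lookups (SPF, DMARC, domain verification) hit a handful of well-known names and return short, readable strings; a TXT channel produces many unique subdomains under one zone, so caching cannot serve them, and long, random-looking answers.

```python
"""Hunt for C2 or payload delivery hidden in DNS TXT answers (added example)."""
import math
from collections import defaultdict


def shannon_entropy(s):
    """Bits per character: roughly 6 for a uniform 64-symbol blob, about 4 for English-like text."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(fqdn):
    """Last two labels only. Simplification: real code consults the Public Suffix List."""
    labels = fqdn.rstrip(".").split(".")
    return ".".join(labels[-2:])


def _blob(i):
    """Deterministic base64-looking 200-char chunk so the sample is stable offline."""
    alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
    return "".join(alphabet[(i * 7 + k * 13) % 64] for k in range(200))


# Constructed sample: (ts, client, query, qtype, answers).
BENIGN = [(float(i), f"10.0.1.{i}", "example.com", "TXT",
           ["v=spf1 include:_spf.example.com -all"]) for i in range(12)]
BENIGN += [(20.0, "10.0.0.4", "_dmarc.example.com", "TXT",
            ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]),
           (21.0, "10.0.0.4", "_acme-challenge.shop.example.net", "TXT",
            ["gfj9Xq2vK0Lp8mN3rT5wY7zA1bC4dE6fH8iJ0kM2nP4"])]   # one random token, legit
TUNNEL = [(100.0 + i, "10.0.0.5", f"{i:08x}.cdn-updates.example", "TXT", [_blob(i)])
          for i in range(20)]
SAMPLE_DNS = BENIGN + TUNNEL


def hunt_txt_channels(records, min_queries=10, min_unique_ratio=0.8,
                      min_answer_len=150, min_entropy=4.8):
    """Per registered domain, summarise TXT lookups and flag channel-like zones.

    Assumed thresholds. Volume and mostly-unique query names must both hold,
    plus bulky or high-entropy answers; a single random verification token
    never reaches the volume bar on its own.
    """
    zones = defaultdict(lambda: {"queries": 0, "names": set(), "lens": [], "ents": []})
    for ts, client, query, qtype, answers in records:
        if qtype != "TXT":
            continue
        z = zones[registered_domain(query)]
        z["queries"] += 1
        z["names"].add(query.lower())
        for a in answers:
            z["lens"].append(len(a))
            z["ents"].append(shannon_entropy(a))
    flagged = {}
    for zone, z in zones.items():
        if z["queries"] < min_queries:
            continue
        unique_ratio = len(z["names"]) / z["queries"]
        mean_len = sum(z["lens"]) / len(z["lens"]) if z["lens"] else 0.0
        mean_ent = sum(z["ents"]) / len(z["ents"]) if z["ents"] else 0.0
        if unique_ratio >= min_unique_ratio and (mean_len >= min_answer_len or mean_ent >= min_entropy):
            flagged[zone] = {"queries": z["queries"], "unique_ratio": round(unique_ratio, 2),
                             "mean_answer_len": round(mean_len), "mean_entropy": round(mean_ent, 2)}
    return flagged


if __name__ == "__main__":
    for zone, st in hunt_txt_channels(SAMPLE_DNS).items():
        print(zone, st)
```

The blocked-IP scenario in the post is exactly why this is keyed on the zone and not on the resolver address: the client only ever talks to the internal resolver, so the evidence lives in the query names and answer sizes, not in the connection pairs.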
You don't want to miss next week's guest webcast!
Have you heard about ACE? ACE aka "AC-Hunter Community Edition" is the free version of our easy-to-use commercial Threat Hunting tool! Watch this to learn more about ACE:
Our team is extremely excited to announce the FREE Community Edition of AC-Hunter! Join us for tomorrow's webcast where we'll talk all about this new release: https://t.co/k90xLJgQqr
#ThreatHunting
Office Hours in the next 45 minutes! This will be the first of our new series. Tune in and watch how we make the magic behind the scenes. https://t.co/4EkqLvo0zM
Don't forget to stop by and say Hi to our tribe @shmoocon!
Wanna see those bears from @REKCAHComics Bear v. Bear in action?? Visit @BanjoCrashland, @debthedeb, and @papa_bear1027 at the @BHinfoSecurity booth at @shmoocon!! https://t.co/weLwFJbv82
Learn More about AC-Hunter's Main Features! https://t.co/XvlmUG2iJe
activecountermeasures.com
The Primary Features of the AC-Hunter Network Threat Detection Software.
Threat Simulation – Long Connections Blog by Bill Stearns https://t.co/A3QuktnB6V
activecountermeasures.com
Intro This article is number 2 of 8 in a series on testing Threat Hunting software to make sure that it’s configured correctly […]
Threat Hunting Shorts – FQDN Beacons Video Blog by Chris Brenton https://t.co/1dBrOddcCO
activecountermeasures.com
Video – Threat Hunting – FQDN Beacons Video Transcript Chris (00:00): Hey folks, I’m Chris Brenton and in a previous […]
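The two checks behind the Long Connections and FQDN Beacons posts above, and the persistent outbound session a reverse SOCKS proxy like the XenoRAT post describes, in one added example that is not AC-Hunter's or RITA's code. The connection records are constructed and shaped like Zeek conn.log joined with the name the client resolved; the scoring rule and thresholds are assumptions. Beacons are scored on how regular the gaps between connections are, and the grouping is by FQDN so a C2 that sits behind a CDN or round-robin DNS (one name, many IPs) is not split into small per-IP groups that each fall under the volume bar. Long connections are simply those open longer than a threshold.

```python
"""Beacon scoring by FQDN and long-connection listing over conn records (added example)."""
import statistics
from collections import defaultdict

# Constructed sample: (ts, src, dst_ip, dst_fqdn, dst_port, duration_s).
# The beacon fires about every 60 s with +-1 s jitter and rotates across four IPs behind one name.
BEACON_IPS = ["198.51.100.10", "198.51.100.11", "198.51.100.12", "198.51.100.13"]
BEACON = [(1000.0 + 60 * i + (i % 3) - 1, "10.0.0.5", BEACON_IPS[i % 4],
           "telemetry.cdn-updates.example", 443, 0.4) for i in range(30)]

# Human browsing: bursty, irregular gaps to one site.
BROWSING_GAPS = [3, 15, 1, 90, 2, 300, 4, 7, 45, 1, 600, 2, 20, 9, 120, 1, 1, 33, 200, 5]
BROWSING, _t = [], 1000.0
for _g in BROWSING_GAPS:
    _t += _g
    BROWSING.append((_t, "10.0.0.7", "203.0.113.20", "www.news.example", 443, 1.2))

# One six-hour session to a bare IP on an unusual port: no name was ever resolved for it.
LONG = [(1200.0, "10.0.0.9", "203.0.113.77", "203.0.113.77", 8443, 6 * 3600.0)]
SAMPLE_CONNS = BEACON + BROWSING + LONG


def beacon_scores(conns, key="fqdn", min_connections=10):
    """Score each (src, destination) group on interval regularity; 1.0 is perfectly periodic.

    key picks the destination field: 'fqdn' (index 3) or 'ip' (index 2).
    Score = 1 - coefficient of variation of the inter-connection gaps, floored at 0.
    """
    idx = {"fqdn": 3, "ip": 2}[key]
    groups = defaultdict(list)
    for rec in conns:
        groups[(rec[1], rec[idx])].append(rec[0])
    scores = {}
    for pair, times in groups.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        scores[pair] = {"connections": len(times), "mean_gap_s": round(mean, 1),
                        "score": round(max(0.0, 1.0 - cv), 3)}
    return scores


def long_connections(conns, min_duration_s=3600.0):
    """Return (src, dst_fqdn, dst_port, duration_s) for sessions open at least min_duration_s, longest first."""
    hits = [(rec[1], rec[3], rec[4], rec[5]) for rec in conns if rec[5] >= min_duration_s]
    return sorted(hits, key=lambda h: h[3], reverse=True)


if __name__ == "__main__":
    print("by FQDN:", beacon_scores(SAMPLE_CONNS))
    print("by IP:  ", beacon_scores(SAMPLE_CONNS, key="ip"))
    print("long:   ", long_connections(SAMPLE_CONNS))
```

Grouped by IP, the same 30 connections land in four groups of seven or eight and none clears the volume bar; grouped by FQDN they score above 0.97, while the browsing session scores 0. One caveat for the long-connection half: Zeek writes a conn.log entry when a connection ends or times out, so a session that is still open has no duration to read yet and needs to be found from live connection state rather than from the finished log.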
Join us in this week's Webcast! "All About Ansible - A Suite of Automation Tools" with David Quartarolo Jan 19th | 1-2pm ET Register: https://t.co/1GAJ7QPzA0
On Which Interface Should I Capture Packets? Blog by Bill Stearns https://t.co/VsNJeu0PIE
activecountermeasures.com
Intro Linux is not really known for user-friendly ethernet port naming: br-f8aae97db4f9, eth19, and veth34df106 do very little for explaining what the interface […]
Where Do I Put My Zeek Sensor? Blog by Bill Stearns https://t.co/goY0lHGqOs
activecountermeasures.com
Intro While AI-Hunter and RITA Threat Hunting tools can be placed almost anywhere you’d like – any available data center, DR site, or […]
Are you a red or blue teamer trying to automate infrastructure tasks? Join in on next week's webcast, "All About Ansible - A Suite of Automation Tools"! Learn More: https://t.co/1GAJ7QPzA0
AC-Hunter with Azure Webcast with Brian Fehrman & Logan Lembke Watch Now:
Malware Analysis as a Prey Animal By Keith Chew https://t.co/LURI0XOnFQ
activecountermeasures.com
Intro The year is 1453 and you’ve been ordered by the king to protect the kingdom from the Great Northern Basilisk. You have […]
Detecting Google Services Malware By @strandjs Published: 11/27/2018 https://t.co/N2Za4Yo1Z2
activecountermeasures.com
In our previous blogs, we covered how malware can use Domain Fronting to bypass many of the security tools we use to detect […]
We have a new open-source tool! Check out SMUDGE - Our passive fingerprinting solution. https://t.co/mxFKpOzgRX
activecountermeasures.com
Our team will be primarily offline from now until the New Year. Thank you to the community for all your support in 2022. We have a lot of cool stuff planned for 2023 that we can't wait to share with you! Have a Happy Holiday!