As you can see in the video at the end of this blog post, the Alert tab is a fantastic addition for everyone who wants to detect malicious activity in network traffic. Not only can it alert on over 30 different malicious command-and-control (C2) protocols, including NjRAT and QakBot, it also alerts on generic behavior that is typically seen in malware traffic. Examples of such generic behavior are periodic connections to a C2 server or long-running TCP connections. This type of behavioral analysis can be used to detect C2 and backdoor traffic even when the protocol is unknown.

Domain names extracted from TLS SNI extensions
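The two generic behaviors mentioned above, periodic check-ins to one server and a single TCP session that stays open for hours, can be spotted from flow metadata alone, without knowing the protocol. The script below is an added illustration written for this post, not NetworkMiner's own detection logic; it runs over a constructed list of flow records, and the thresholds (five or more connections, interval jitter below 15 percent of the mean, sessions over one hour) are assumptions a practitioner would tune for their own network.

```python
"""Toy beaconing / long-lived session detector over flow records.

Added example, not NetworkMiner code. The flow records below are constructed,
and every threshold is an assumption chosen for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow log: (start_time_s, src, dst, dst_port, duration_s)
SAMPLE_FLOWS = [
    # 10.0.0.5 checks in with 203.0.113.10:443 roughly every 60 s (beaconing)
    (0, "10.0.0.5", "203.0.113.10", 443, 1.0),
    (61, "10.0.0.5", "203.0.113.10", 443, 1.2),
    (119, "10.0.0.5", "203.0.113.10", 443, 0.9),
    (181, "10.0.0.5", "203.0.113.10", 443, 1.1),
    (240, "10.0.0.5", "203.0.113.10", 443, 1.0),
    (299, "10.0.0.5", "203.0.113.10", 443, 1.3),
    # 10.0.0.7 keeps one TCP session open for four hours (long-running)
    (10, "10.0.0.7", "198.51.100.20", 8080, 14400.0),
    # 10.0.0.9 browsing: irregular intervals, short sessions (benign)
    (5, "10.0.0.9", "192.0.2.30", 443, 2.0),
    (17, "10.0.0.9", "192.0.2.30", 443, 3.5),
    (90, "10.0.0.9", "192.0.2.30", 443, 1.0),
    (95, "10.0.0.9", "192.0.2.30", 443, 0.5),
    (400, "10.0.0.9", "192.0.2.30", 443, 4.0),
    (410, "10.0.0.9", "192.0.2.30", 443, 2.2),
]

MIN_BEACONS = 5          # assumed: fewer connections is not enough evidence
MAX_JITTER_RATIO = 0.15  # assumed: pstdev(intervals) / mean(intervals)
LONG_SESSION_S = 3600.0  # assumed: one hour


def find_beacons(flows, min_count=MIN_BEACONS, max_jitter=MAX_JITTER_RATIO):
    """Flag (src, dst, dport) tuples whose connection start times are
    evenly spaced: many connections with low relative jitter."""
    by_pair = defaultdict(list)
    for start, src, dst, dport, _duration in flows:
        by_pair[(src, dst, dport)].append(start)

    alerts = []
    for (src, dst, dport), starts in by_pair.items():
        if len(starts) < min_count:
            continue
        starts.sort()
        intervals = [later - earlier for earlier, later in zip(starts, starts[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue
        jitter = pstdev(intervals) / avg
        if jitter <= max_jitter:
            alerts.append({
                "src": src, "dst": dst, "dport": dport,
                "count": len(starts),
                "period_s": round(avg, 1),
                "jitter": round(jitter, 3),
            })
    return alerts


def find_long_sessions(flows, min_duration=LONG_SESSION_S):
    """Flag individual TCP sessions that stay open longer than min_duration."""
    return [
        {"src": src, "dst": dst, "dport": dport, "duration_s": duration}
        for _start, src, dst, dport, duration in flows
        if duration >= min_duration
    ]


if __name__ == "__main__":
    for alert in find_beacons(SAMPLE_FLOWS):
        print("BEACON", alert)
    for alert in find_long_sessions(SAMPLE_FLOWS):
        print("LONG SESSION", alert)
```

Run as is, the beacon check flags only 10.0.0.5 (six connections about 60 s apart, jitter around 2.5 percent), the browsing host is skipped because its intervals vary too much, and the long-session check flags the four-hour connection from 10.0.0.7. Real traffic needs a longer observation window and, for beaconing, tolerance for the deliberate random sleep that many implants add; a jitter ceiling that is too tight will miss them.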