Active Countermeasures
United States
Joined 14 Feb 2018
www.activecountermeasures.com
Today’s adversaries are getting better and better at hiding their backdoor command and control traffic, and the data they’re sneaking out of your network. The skills gap to ramp up new SOC personnel is getting more and more difficult to bridge. Active Countermeasures offers you tools almost any IT pro can use to detect these malicious backdoors.
6. RITA v5 - First Threat Hunt with RITA v5 #rita #freetools #infosec
Chris Brenton guides you through your first RITA network threat hunt by explaining the primary indicators and best practices using RITA version 5.
🔗 Blog post located here -
www.activecountermeasures.com/ritav5-the-video-series/
Real Intelligence Threat Analytics (RITA) is an open-source framework for detecting command and control communication through network traffic analysis. More information and free download of RITA can be found here: www.activecountermeasures.com/free-tools/rita/
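The "primary indicators" a first network hunt looks at are how regular a host's connections to one destination are, in timing and in size. The block below is an added example written for this page; it is not RITA's own code, scoring or thresholds. It parses constructed Zeek-style conn.log rows embedded inline and ranks (source, destination, port) pairs by interval and request-size regularity. The median-absolute-deviation score and the 10-connection floor are illustrative choices, not RITA's.

```python
"""Interval and size regularity over Zeek conn.log rows: a minimal version of
the 'beacon' indicator a first network threat hunt looks for.

Added example for this page; it is not RITA's code, scoring or thresholds.
Rows follow Zeek conn.log column order (ts, uid, id.orig_h, id.orig_p,
id.resp_h, id.resp_p, proto, service, duration, orig_bytes, resp_bytes,
conn_state) and are constructed inline below.
"""
from collections import defaultdict
from statistics import median

# Constructed jitter (seconds) applied to a 60 s check-in, as an implant
# with a small sleep-jitter setting would produce.
JITTER = [0.0, 1.3, -0.9, 2.2, -1.7, 0.4, 1.1, -0.6, 1.9, -2.1, 0.7, -1.2]


def build_sample_conn_log() -> str:
    """Constructed tab-separated conn.log text (no Zeek header lines):
    10.0.0.5 -> 203.0.113.10:443 every ~60 s with ~310-byte requests,
    plus six irregular browsing connections from 10.0.0.7."""
    rows = []
    for i in range(24):
        ts = 1700000000.0 + 60 * i + JITTER[i % len(JITTER)]
        orig_bytes = 310 + (i % 3)  # near-constant request size
        rows.append(
            f"{ts:.3f}\tC{i}\t10.0.0.5\t{49152 + i}\t203.0.113.10\t443"
            f"\ttcp\tssl\t0.40\t{orig_bytes}\t1200\tSF"
        )
    browsing = [(5.0, 812), (9.5, 1543), (131.0, 402),
                (400.2, 2210), (401.1, 318), (1205.3, 977)]
    for j, (offset, obytes) in enumerate(browsing):
        ts = 1700000000.0 + offset
        rows.append(
            f"{ts:.3f}\tB{j}\t10.0.0.7\t{51000 + j}\t198.51.100.20\t443"
            f"\ttcp\tssl\t1.20\t{obytes}\t{obytes * 7}\tSF"
        )
    return "\n".join(rows) + "\n"


def parse_conn_log(text: str):
    """Return [(ts, orig_h, resp_h, resp_p, orig_bytes)] from conn.log lines.
    Skips '#' header/meta lines and rows whose orig_bytes is unset ('-')."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 10 or f[9] == "-":
            continue
        records.append((float(f[0]), f[2], f[4], int(f[5]), int(f[9])))
    return records


def dispersion_score(values) -> float:
    """1.0 when every value equals the median; approaches 0 as the median
    absolute deviation grows to the size of the median itself."""
    m = median(values)
    if m == 0:
        return 0.0
    mad = median(abs(v - m) for v in values)
    return max(0.0, 1.0 - mad / m)


def score_pairs(records, min_connections: int = 10) -> dict:
    """Map (orig_h, resp_h, resp_p) -> regularity score in [0, 1] for pairs
    with at least min_connections connections. The score averages interval
    regularity and request-size regularity, the two properties a scheduled
    check-in tends to expose even when the payload itself is encrypted."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, obytes in records:
        by_pair[(src, dst, dport)].append((ts, obytes))
    scores = {}
    for pair, conns in by_pair.items():
        if len(conns) < max(min_connections, 2):  # need at least one interval
            continue
        conns.sort()
        intervals = [later[0] - earlier[0] for earlier, later in zip(conns, conns[1:])]
        sizes = [obytes for _, obytes in conns]
        scores[pair] = round((dispersion_score(intervals) + dispersion_score(sizes)) / 2, 3)
    return scores


if __name__ == "__main__":
    ranked = sorted(score_pairs(parse_conn_log(build_sample_conn_log())).items(),
                    key=lambda kv: kv[1], reverse=True)
    for (src, dst, dport), score in ranked:
        print(f"{score:.3f}  {src} -> {dst}:{dport}")
```

A pair with high interval and size regularity over many connections is a candidate, not a verdict: updaters, NTP clients and monitoring agents check in on a schedule too, which is why the hunt pairs a score like this with an allow-list of known destinations and a look at who the destination actually is.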
🔗 Register for webcasts, summits, and workshops -
poweredbybhis.com
🔗Active Countermeasures Socials
Twitter: ActiveCmeasures
LinkedIn: www.linkedin.com/company/active-countermeasures/
Discord: discord.gg/threathunter
🔗Our Threat Hunting Tool ~ AC-Hunter
Features - www.activecountermeasures.com/ac-hunter-features/
Interactive Demo Space - www.activecountermeasures.com/live-demo/
🔗Active Countermeasures Open-Source Tools
www.activecountermeasures.com/free-tools/
🔗Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: www.activecountermeasures.com/hunt-training/
Active Countermeasures Blog: www.activecountermeasures.com/blog/
Active Countermeasures UA-cam: ua-cam.com/users/activecountermeasures
🔗Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): www.antisyphontraining.com/pay-what-you-can/
Advanced: www.antisyphontraining.com/advanced-network-threat-hunting-w-chris-brenton/
🔗Active Countermeasures Shirts
spearphish-general-store.myshopify.com/collections/active-countermeasures
🔗Our Tribe
Black Hills Infosec: www.blackhillsinfosec.com/
Wild West Hackin' Fest: wildwesthackinfest.com/
Antisyphon Training: www.antisyphontraining.com/
#infosec #FreeTools #BHIS #Threathunting #threatintel #cybersecurity
Views: 282
Videos
5. RITA v5 - Live Monitoring #rita #freetools #infosec
326 views, 1 month ago
Chris Brenton provides instructions on how to set up RITA and Zeek for live monitoring of your network. 🔗 Blog post located here - www.activecountermeasures.com/ritav5-the-video-series/ Real Intelligence Threat Analytics (RITA) is an open-source framework for detecting command and control communication through network traffic analysis. More information and free download of RITA can be found her...
2024-09-06 Cyber Threat Hunting Level 1 | Chris Brenton #infosec #training #freetraining
1.2K views, 1 month ago
🔗 Register for webcasts, summits, and workshops - poweredbybhis.com 🔗Active Countermeasures Socials Twitter: ActiveCmeasures LinkedIn: www.linkedin.com/company/active-countermeasures/ Discord: discord.gg/threathunter 🔗Our Threat Hunting Tool ~ AC-Hunter Features - www.activecountermeasures.com/ac-hunter-features/ Interactive Demo Space - www.activecountermeasures.com/live-demo/ 🔗Act...
4. RITA v5 - Working with PCAPs #rita #freetools #infosec
242 views, 1 month ago
Chris Brenton explains how to import PCAP files for analysis using RITA version 5. 🔗 Blog post located here - www.activecountermeasures.com/ritav5-the-video-series/ Real Intelligence Threat Analytics (RITA) is an open-source framework for detecting command and control communication through network traffic analysis. More information and free download of RITA can be found here: www.activecounterm...
3. RITA v5 - Installation #rita #freetools #infosec
454 views, 1 month ago
Chris Brenton walks through how to download and install RITA version 5. 🔗 Blog post located here - www.activecountermeasures.com/ritav5-the-video-series/ Real Intelligence Threat Analytics (RITA) is an open-source framework for detecting command and control communication through network traffic analysis. More information and free download of RITA can be found here: www.activecountermeasures.com...
2. RITA v5 - Network Architecture #rita #freetools #infosec
295 views, 1 month ago
Chris Brenton explains how to configure your network environment to capture network traffic for monitoring and analysis by RITA. 🔗 Blog post located here - www.activecountermeasures.com/ritav5-the-video-series/ Real Intelligence Threat Analytics (RITA) is an open-source framework for detecting command and control communication through network traffic analysis. More information and free download...
1. RITA v5 - First Look RITAv4 vs RITAv5 #RITA #freetools #infosec
514 views, 1 month ago
Chris Brenton shows some of the differences of RITA version 4 and a first look at the new RITA version 5. 🔗 Blog post located here - www.activecountermeasures.com/ritav5-the-video-series/ Real Intelligence Threat Analytics (RITA) is an open-source framework for detecting command and control communication through network traffic analysis. More information and free download of RITA can be found h...
Understanding C2 Beacons - Part 2 of 2 | Malware of the Day
208 views, 1 month ago
A video summary by Faan Rossouw of the Malware of the Day - Understanding C2 Beacons - Part 2 of 2 🔗 Blog post located here: www.activecountermeasures.com/malware-of-the-day-understanding-c2-beacons-part-2-of-2 🔗 AC-Hunter: www.activecountermeasures.com/ac-hunter/ 🔗 AC-Hunter Community Edition: www.activecountermeasures.com/ac-hunter-community-edition/ 🔗 Register for webcasts, summits, and work...
Understanding C2 Beacons - Part 1 of 2 | Malware of the Day
393 views, 1 month ago
A video summary by Faan Rossouw of the Malware of the Day - Understanding C2 Beacons - Part 1 of 2 🔗 Blog post located here: www.activecountermeasures.com/malware-of-the-day-understanding-c2-beacons-part-1-of-2 🔗 StatQuest: Histograms, Clearly Explained ua-cam.com/video/qBigTkBLU6g/v-deo.html 🔗 Register for webcasts, summits, and workshops - poweredbybhis.com 🔗 Our Threat Hunting Tool ~ AC-Hunt...
2024-06-25 Cyber Threat Hunting Level 1 With Chris Brenton
1.7K views, 3 months ago
/// 🔗 Lab Resources & FAQ here - www.activecountermeasures.com/hunt-training/ /// ➡️ Register for the next Threat Hunter Training Course Here - www.activecountermeasures.com/hunt-training/ /// 🔗 Get AC-Hunter CE - www.activecountermeasures.com/ac-hunter-community-edition/download/ /// 🔗 Register for future webcasts, summits, and workshops - blackhillsinfosec.zoom.us/ze/hub/stadium ///Active Cou...
XenoRAT | Malware of the Day
1.1K views, 4 months ago
A video summary by Faan Rossouw of the Malware of the Day - XenoRAT /// 🔗 Blog post located here: www.activecountermeasures.com/malware-of-the-day-xenorat/ /// 🔗 PEStudio: www.winitor.com/download /// 🔗 TypeRefHasher: github.com/GDATASoftwareAG/TypeRefHasher/releases /// 🔗 Get AC-Hunter CE - www.activecountermeasures.com/ac-hunter-community-edition/download/ /// 🔗 Register for future webcasts, ...
2024-04-12 Cyber Threat Hunting Level 1 - Chris Brenton
2.5K views, 6 months ago
/// 🔗 Lab Resources & FAQ here - www.activecountermeasures.com/hunt-training/ /// ➡️ Register for the next Threat Hunter Training Course Here - www.activecountermeasures.com/hunt-training/ /// 🔗 Get AC-Hunter CE - www.activecountermeasures.com/ac-hunter-community-edition/download/ /// 🔗 Register for future webcasts, summits, and workshops - blackhillsinfosec.zoom.us/ze/hub/stadium ///Active Cou...
Malware of the Day - Tunneled C2 Beaconing
609 views, 6 months ago
🔗 blog post located here: www.activecountermeasures.com/malware-of-the-day-tunneled-c2-beaconing/ A video summary by Faan Rossouw of the Malware of the Day - Tunneled C2 Beaconing 🔗 Get AC-Hunter CE www.activecountermeasures.com/ac-hunter-community-edition/ 🔗 Register for future webcasts, summits, and workshops - blackhillsinfosec.zoom.us/ze/hub/stadium ///Active Countermeasures Socials Twitter...
2024-02-23- Cyber Threat Hunting Level 1 - Chris Brenton #infosec #training #class
2.5K views, 7 months ago
Cyber Threat Hunting Level 1 | Chris Brenton | December 2023
2.3K views, 10 months ago
Cyber Threat Hunting Level 1 | Chris Brenton | October 2023
2.6K views, 1 year ago
Cyber Threat Hunting Level 1 | Chris Brenton | August 2023
1.1K views, 1 year ago
An Introduction to Threat Hunter Training Level 1 | Chris Brenton
5K views, 1 year ago
Passive Fingerprinting with SMUDGE | David Quartarolo
316 views, 1 year ago
AC Hunter Community Edition - Linux TAR Installer Walk-Through
1.5K views, 1 year ago
AC-Hunter Community Edition - VMware install Walk-Through
1.7K views, 1 year ago
AC-Hunter Community Edition VS Enterprise
335 views, 1 year ago
Does AC-Hunter support Ubuntu 24.04?
Nice one, keep them coming!))
Very nice tutorial, but in some Linux distros screen isn't installed automatically. If screen isn't installed, the cron job won't work. I had that issue and tried to run rita-roll from /opt/rita/, and got the surprise that screen wasn't installed. So I installed it and now it's running :) Recap to add perhaps in the newer version of this video: 1. install screen; 2. dry run from /opt/rita/rita-roll
This new version is great! It would be great to see a video on how to filter out hordes of false positives and find needles in a very big haystack. Populating never_include_domains is arduous and never ending.
Hello. Great content! How is one supposed to add the threat intel services/feeds (like VT or AbuseIPDB)? I saw there is a config file at "/etc/rita/threat_intel_feeds/DO_NOT_DELETE" but I don't know what format to use to integrate with those services... (requires an API key)?
When I run Rita List, i'm not seeing the database. Is that because I need to wait a few hours?
If you are reading a pcap, the database should show up right away. If you are creating a rolling database to do live monitoring, the database will get created after Zeek writes out its logs and then RITA imports them. So yes, that usually takes 1-2 hours to happen for the first time. After that, the database will always be there.
Thank you Chris, for your time.
With Rita v5, would you advise against installing it on WSL?
I personally run it on WSL2 with the default Ubuntu. The install runs just fine without error. However, Zeek does not run on Windows and I have not come up with an elegant way to reach out from the VM to let Zeek monitor the host's NIC. So if you install on WSL2 you will be able to process pcaps, but probably not do live monitoring. If you do get live monitoring working, please drop me a note and tell me what you did. ;-)
Appreciated as usual...
Awesome, just today was reading an article about it!
Part ii is dropping tomorrow 🖖
Interesting; however, I installed RITA v5 but I can't find beacon-sni, beacon-conn and beacon-host in the folder. Should they come together, or do I need to get them from a different package? Thanks man!
Awesome!!!!
Team, where can I download the PDF file for this training?
Lol, this is awesome. I can't wait to sit in on the June class.
This was great. I look forward to more like this.
Great video with an in-depth, realistic security response. I really liked this.
Awesome stuff, Bill!
Hi Chris, I missed this training; will I still get the certificate if I do the recording?
Yet another fantastic webinar, Chris! Thank you so much for sharing your knowledge with the community, truly inspirational! 🙏
What a bunch of dorks
Nice vid.
very clear, lucid explanations thanks Chris.
Oh man, the mcedit tool has never looked so cool Bill!
Excellent, thanks.
Bill "1006 different projects" Stearns 😆
Thanks for this amazing session
great work team AC, the new UI is beautiful! y'all should be proud :)
Awesome as usual!
"Promosm" 😞
Will the product work in an AWS environment? A tap makes me think of a data center. I may be wrong, but all work will be with EC2 instances. Just need more info.
This was an excellent presentation. Extremely helpful.
Yet another awesome webinar by Chris! Thank you so much to Active Countermeasures and Chris Brenton for this wonderful content 🙏
Great session! Very interesting method for monitoring network. Wish we could've touched a bit more on zeek, zeekctl, and other relevant CLI stuff. Thanks, Chris Brenton!
Thanks. Unfortunately I don't see the rolling database, only the examples.
Really cool way of threat hunting. Would you say something like this could be created in Splunk with the right log sources?
Super cool presentation. 😀
Special thanks to Chris for going through with this October version despite being sick 🙏👏👏👏
Awesome!!!!
Watched the last one it was really good
Good Stuff😁😁
fun fact re: US driving on RHS instead of LHS: in the United States, large freight wagons driven by teams of horses would often have the driver sitting on the left rear horse, holding a whip in his right hand. This position allowed the driver to have a better view of the road if he was driving on the right side.
I am loving AC-Hunter; it makes analysis easy with Security Onion and pfSense. Thanks guys for making this free for enthusiasts.
Another gem of content. Perfect for someone new to the role such as myself!
It's been a while since I took the course... Nice improvement and might be attending next live session
Fantastic! Can't wait for the August training as well!
Ditto, see you there :)
If I am using Option 4, how do I get to use Zeek?
Second time I'm doing this, and I just signed up for the advanced training on 24+25 August. You are an incredible teacher, Chris; looking forward to getting in deeper!
Great, thank you for sharing 😊
Will April's recording be posted here?
Thank you