How to Spot C2 Traffic on Your Network

  • Webcast Aired Tuesday, 25 May 2021 10:30AM EDT (25 May 2021 14:30 UTC)
  • Speakers: Matt Bromiley, Vincent Stoffer

Attackers often hide their command and control (C2) activity using techniques like encryption, tunneling in noisy traffic like DNS, or domain generation algorithms to evade blacklists.

Reliably spotting C2 traffic requires a comprehensive network security monitoring capability like open source Zeek that transforms packets into connection-linked protocol logs that let analysts make fast sense of traffic. Corelight's commercial NDR solutions generate this Zeek network evidence and also provide dozens of proprietary C2 insights and detections.

Tune into this webcast for technical demonstrations of how security analysts can use Zeek logs and Corelight insights to identify dozens of C2 techniques in their environment.