ACM Webcast: Network Decoding GCat Command & Control

Published: 08 May 2019
on channel: Active Countermeasures

Want to level up your threat-hunting knowledge? Take our FREE, hands-on threat hunt training course: https://www.activecountermeasures.com...

1:30 Introduction to Gcat, basic protections, why Gcat is hard to detect, Zeek, Zcat, Bro, and why looking at delta time alone can't identify an attack
14:22 Using packet data to help determine a Gcat attack
21:32 Analyzing packet data with RITA and AI-Hunter
29:43 Lessons Learned
33:52 Q&A

Video Description: We received so much positive feedback on our deep dive into dnscat2 as a C&C channel that we've decided to continue the C&C decoding series. In this webcast, we cover Gcat, the infamous tool that was among those used to bring down the Ukrainian power grid. Detection here is tricky, as Gcat can look like a regular end user checking their email. However, there are some tell-tale traits you can key in on. Just like last time, this will be an intermediate-level walkthrough. We start with some raw decodes and work our way through the various possibilities for detection.

Here is a link describing how this backdoor was used in the Ukrainian power grid attack:
https://www.welivesecurity.com/2016/0...

First, please check out the far right side of the MITRE Technique Matrix, specifically Command and Control: https://attack.mitre.org/matrices/ent...

While many of these techniques are pretty straightforward, some can be a bit harder to get your head around, specifically Web Service.
https://attack.mitre.org/techniques/T...

Active Countermeasures Socials
Twitter: /activecmeasures
LinkedIn: /active-countermeasures
Discord: /discord

Our Threat Hunting Tool ~ AC-Hunter (Formerly AI-Hunter)
Features - https://www.activecountermeasures.com...
Interactive Demo Space - https://www.activecountermeasures.com...

Active Countermeasures Open-Source Tools
https://www.activecountermeasures.com...

Educational Threat Hunting Content
FREE 6-Hour Threat Hunt Training: https://www.activecountermeasures.com...
Active Countermeasures Blog: https://www.activecountermeasures.com...
Active Countermeasures YouTube: /activecountermeasures

Learn Threat Hunting Skills from Antisyphon Training
Entry-Level (Pay-What-You-Can): https://www.antisyphontraining.com/pa...
Advanced: https://www.antisyphontraining.com/ad...

Active Countermeasures Shirts
https://spearphish-general-store.mysh...

Our Tribe
Black Hills Infosec: https://www.blackhillsinfosec.com/
Wild West Hackin' Fest: https://wildwesthackinfest.com/
Antisyphon Training: https://www.antisyphontraining.com/