Hi THT members, today we'll learn about the AC-Hunter software solution and try this threat hunting analysis tool in action.
This software has worked well in real-world test cases; it is not just a new "tool" that a hunter should try, and not a research topic!
What is it?
AC-Hunter™ is network threat detection software focused on identifying compromised systems calling back home to their Command and Control (C2, C&C) servers. Its graphical front end makes network analysis easier, as well as the identification of compromised systems on the network.
- AC-Hunter utilizes two primary components: Zeek for capturing the network traffic data and AC-Hunter itself to analyze that data.
BENEFITS:
- AC-Hunter has the ability to protect all devices: desktops, servers, network hardware, IoT, SCADA, BYOD, and more.
- The simple-to-use interface is focused on enabling threat hunting success for everyone from junior analysts to seasoned professionals.
- They have implemented integration capabilities for MSPs such as Azure and Active Directory.
"Today’s adversaries are getting better and better at hiding their backdoor command and control traffic - and the data they’re sneaking out of your network. The skills gap to ramp up new SOC personnel is getting more and more difficult to bridge." - AC-Hunter
BEACONS MODULE
A System Frequently Calling Home to a Command and Control Server Is a Clear Indication of a Compromise.
Today’s advanced backdoors are extremely hard to detect. Simple signature detection cannot detect encrypted and malleable Command and Control (C2) sessions. AC-Hunter detects malware by targeting its network communications rather than analyzing the host itself, where malware writers can leverage a wide range of evasion techniques.
LONG CONNECTIONS MODULE
This module also reports the total cumulative connection time between hosts and the total bytes transferred during those connections.
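To make the two ideas above concrete (regular call-home intervals for the Beacons module, cumulative duration and bytes per host pair for the Long Connections module), here is an added example that scores Zeek conn.log records the way a hunter would. It is not AC-Hunter's own code and it does not use the product's scoring; it assumes a simplified conn.log with a `#fields` header and `-` for unset values, carrying only a subset of the real Zeek columns, and the log lines themselves are constructed.

```python
"""Beacon scoring and long-connection totals over Zeek conn.log records.

Added example, not AC-Hunter's own code. It assumes a simplified Zeek
conn.log: a '#fields' header naming the columns and '-' for unset values,
as in real Zeek TSV logs, but with only a subset of the real columns.
"""
import statistics
from collections import defaultdict

# Constructed sample log. 10.0.0.5 contacts 203.0.113.9 roughly every 60 s
# (beacon-like), 10.0.0.6 contacts 198.51.100.7 at irregular times (normal
# browsing), and 10.0.0.8 holds a single 5-hour session with 192.0.2.4.
SAMPLE_CONN_LOG = (
    "#fields\tts\tid.orig_h\tid.resp_h\tduration\torig_bytes\tresp_bytes\n"
    "1700000000.0\t10.0.0.5\t203.0.113.9\t0.2\t120\t90\n"
    "1700000060.5\t10.0.0.5\t203.0.113.9\t0.2\t120\t90\n"
    "1700000119.8\t10.0.0.5\t203.0.113.9\t0.2\t120\t90\n"
    "1700000180.2\t10.0.0.5\t203.0.113.9\t0.2\t120\t90\n"
    "1700000240.6\t10.0.0.5\t203.0.113.9\t0.2\t120\t90\n"
    "1700000299.9\t10.0.0.5\t203.0.113.9\t0.2\t120\t90\n"
    "1700000360.1\t10.0.0.5\t203.0.113.9\t0.2\t120\t90\n"
    "1700000000.0\t10.0.0.6\t198.51.100.7\t1.5\t900\t45000\n"
    "1700000007.0\t10.0.0.6\t198.51.100.7\t0.9\t600\t12000\n"
    "1700000095.0\t10.0.0.6\t198.51.100.7\t2.1\t700\t80000\n"
    "1700000100.0\t10.0.0.6\t198.51.100.7\t0.4\t300\t5000\n"
    "1700000400.0\t10.0.0.6\t198.51.100.7\t3.0\t1200\t150000\n"
    "1700000410.0\t10.0.0.6\t198.51.100.7\t-\t-\t-\n"
    "1700000000.0\t10.0.0.8\t192.0.2.4\t18000.0\t5000\t250000000\n"
)


def parse_conn_log(text):
    """Parse Zeek-style TSV into dicts keyed by the '#fields' header names."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            records.append(dict(zip(fields, line.split("\t"))))
    return records


def _num(value):
    """Zeek writes '-' for an unset numeric field; treat it as zero."""
    return 0.0 if value == "-" else float(value)


def summarize_pairs(records):
    """Group connections by (source host, destination host) pair."""
    pairs = defaultdict(lambda: {"timestamps": [], "total_duration": 0.0, "total_bytes": 0})
    for rec in records:
        pair = pairs[(rec["id.orig_h"], rec["id.resp_h"])]
        pair["timestamps"].append(float(rec["ts"]))
        pair["total_duration"] += _num(rec["duration"])
        pair["total_bytes"] += int(_num(rec["orig_bytes"]) + _num(rec["resp_bytes"]))
    return pairs


def beacon_score(timestamps):
    """Regularity of the gaps between connections: 1.0 means perfectly even
    spacing, 0.0 means the gaps vary by more than their mean. Returns None
    when there are too few connections to judge."""
    ordered = sorted(timestamps)
    intervals = [later - earlier for earlier, later in zip(ordered, ordered[1:])]
    if len(intervals) < 2:
        return None
    mean = statistics.mean(intervals)
    if mean <= 0:
        return None
    coefficient_of_variation = statistics.stdev(intervals) / mean
    return max(0.0, 1.0 - coefficient_of_variation)


def find_beacons(pairs, min_connections=5, min_score=0.9):
    """Pairs whose call-home pattern is regular enough to look like a beacon."""
    hits = []
    for key, pair in pairs.items():
        if len(pair["timestamps"]) < min_connections:
            continue
        score = beacon_score(pair["timestamps"])
        if score is not None and score >= min_score:
            hits.append((key, round(score, 3)))
    return sorted(hits, key=lambda item: item[1], reverse=True)


def find_long_connections(pairs, min_seconds=3600.0):
    """Pairs whose cumulative connection time meets the threshold."""
    hits = [(key, pair["total_duration"], pair["total_bytes"])
            for key, pair in pairs.items() if pair["total_duration"] >= min_seconds]
    return sorted(hits, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    summary = summarize_pairs(parse_conn_log(SAMPLE_CONN_LOG))
    for (src, dst), score in find_beacons(summary):
        print(f"beacon candidate {src} -> {dst}: regularity {score}")
    for (src, dst), seconds, total in find_long_connections(summary):
        print(f"long connection {src} -> {dst}: {seconds:.0f} s, {total} bytes")
```

On the constructed sample only the 10.0.0.5 -> 203.0.113.9 pair scores as a beacon (its gaps all fall within about a second of 60 s), the browsing host scores zero because its gaps vary more than their mean, and only the 5-hour session is reported as a long connection. The coefficient of variation used here is a deliberately simple regularity measure; it misses beacons that add large random jitter, which is why a hunter also looks at the data-size and connection-count views rather than one score alone.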
DEEP DIVE MODULE
CYBER DECEPTION MODULE
Cyber Deception is a strategy to attract cyber criminals away from an enterprise’s true assets and divert them to a monitored decoy. This module allows for the creation and monitoring of canary tokens.
ALERTING
AC-Hunter continuously hunts your network, looking for signs of command and control activity. When a backdoor is identified, you’ll be notified via Slack, the SIEM of your choice, or a centralized logging server.
SAFELISTING
AC-Hunter gives you the ability to safelist IP addresses that you wish to exclude from your threat hunting analysis. You can safelist based on individual IP addresses, subnets, full autonomous system numbers (ASNs), and by domain name.
RESOURCE
https://www.activecountermeasures.com/
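The safelisting module described above exists because hunting results are only useful once known-good destinations are removed. The following added example (not AC-Hunter's code, and not its safelist format) shows the four match types the text lists, by single IP, by subnet, by ASN and by domain name, with the two checks that are easy to get wrong: subnet membership done with real network objects rather than string prefixes, and domain matching that accepts subdomains but rejects look-alike names. The safelist contents and the prefix-to-ASN table are constructed; a real deployment would load the ASN table from a routing dataset.

```python
"""Safelist matching for threat-hunting results: IP, subnet, ASN and domain.

Added example, not AC-Hunter's own code. The safelist contents and the
prefix-to-ASN table are constructed stand-ins.
"""
import ipaddress

# Constructed safelist: one host, one subnet, one autonomous system, two domains.
SAFELIST = {
    "ips": {ipaddress.ip_address("10.0.0.250")},
    "networks": [ipaddress.ip_network("192.168.10.0/24")],
    "asns": {64496},
    "domains": ["update.example.com", "example.net"],
}

# Constructed stand-in for an IP-to-ASN lookup table (prefix -> ASN).
ASN_PREFIXES = {
    ipaddress.ip_network("198.51.100.0/24"): 64496,
    ipaddress.ip_network("203.0.113.0/24"): 64497,
}


def lookup_asn(ip):
    """Longest-prefix match of an address against the constructed ASN table."""
    best = None
    for prefix, asn in ASN_PREFIXES.items():
        if ip in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, asn)
    return best[1] if best else None


def domain_matches(domain, entry):
    """True when domain equals entry or is a subdomain of it. A plain
    substring or endswith() test would wrongly accept 'notexample.net'."""
    domain = domain.lower().rstrip(".")
    entry = entry.lower().rstrip(".")
    return domain == entry or domain.endswith("." + entry)


def is_safelisted(dst_ip, dst_domain=None, safelist=SAFELIST):
    """Decide whether a destination should be excluded from hunting results."""
    ip = ipaddress.ip_address(dst_ip)
    if ip in safelist["ips"]:
        return True
    if any(ip in net for net in safelist["networks"]):
        return True
    if lookup_asn(ip) in safelist["asns"]:
        return True
    if dst_domain and any(domain_matches(dst_domain, d) for d in safelist["domains"]):
        return True
    return False


def filter_pairs(pairs, safelist=SAFELIST):
    """Drop (src, dst, domain) tuples whose destination is safelisted."""
    return [p for p in pairs if not is_safelisted(p[1], p[2], safelist)]


if __name__ == "__main__":
    # Constructed hunting results: the second destination sits in the safelisted subnet.
    results = [("10.0.0.5", "203.0.113.9", None), ("10.0.0.5", "192.168.10.3", None)]
    for src, dst, _ in filter_pairs(results):
        print(f"still in scope: {src} -> {dst}")
```

Safelisting a whole ASN is convenient for large cloud or CDN providers, but it is also the broadest exclusion: anything an attacker hosts inside that provider disappears from the results too, so ASN entries deserve periodic review.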
TRY OUT LIVE DEMO {Read Only}
ctf live demo enter
Email: [email protected]
Password:
aW1hN6gI9eJ0kA7m
Finally, I wanted to say thanks to everyone who has read it. This information and software I've learnt recently, and I think it will be useful for some newbie users like me.
Edited by a moderator: