AC&CD is a tool for detecting malicious beaconing activity. Current detection strategies rely on beacons using a fixed sleep and jitter configuration. However, in real attacks, the sleep and jitter configuration is often dynamic, meaning that attackers change the sleep and jitter configuration on the fly according to their needs, such as SOCKS tunneling, off-business hours, etc. AC&CD uses a different approach and finds potential beaconing activity where there is a certain period of time that the attackers are active on the keyboard and executing commands on the victim machine.
-
Notifications
You must be signed in to change notification settings - Fork 12
Active C&C Detector
License
Cyb3r-Monk/ACCD
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
Active C&C Detector
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published