Hunting Beacon Activity with Fourier Transforms

Threat Hunting Summit 2021

By

October 8, 2021

All presentations are copyrighted. No re-posting of presentations is permitted

https://www.youtube.com/watch?v=twI4pllhElY

Hunting Beacon Activity with Fourier Transforms

Defending your enterprise in 2021 means defending against adversary tools that establish periodic callbacks to the adversary’s infrastructure. For example, Cobalt Strike Beacon. But as any threat hunter can tell you, finding unknown beaconing activity is not an easy task. An interesting approach to this problem is to think like an electrical engineer and use a Fourier Transform to identify periodic signals in your network. By switching analysis to the frequency domain, periodic activity becomes the signal that you’re looking for in all the noise. This talk will show a working implementation of a Fourier analysis, that can be used to find periodic beaconing activity.

Hunting Beacon Activity with Fourier Transforms

Related Content

blog image - ransomware summit.png

Digital Forensics, Incident Response & Threat Hunting

A Visual Summary of SANS Ransomware Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS Ransomware Summit 2024

DFIR - Blog - The Evolution of Enterprise Threat Hunting- Detailed Insights from the SANS 2024_340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

The Evolution of Enterprise Threat Hunting: Detailed Insights from the SANS 2024 Survey

The SANS Survey highlights threat hunting's evolution with increased formalization and strategic integration to enhance cybersecurity effectiveness.

DFIR_ICON_(1).PNG

CTI_Blog_part_1_(1).png

Digital Forensics, Incident Response & Threat Hunting

January 12, 2024

Helping CTI Analysts Approach and Report on Emerging Technology Threats and Trends (Part 2)

How to approach, research, and develop analytic assessments on emerging technologies and threat trends (Part 2)