I’m a security researcher at Active Countermeasures who ponders one specific question: how to detect C2 frameworks && malware network communication more broadly.
In the quest to become hopefully somewhat competent at this, I like approaching the challenge from both sides.
Donning my defensive hat, I think about ways to tease out C2 communication by taking a statistical + fingerprinting approach.
And to better understand exactly how C2 communicates, or even better, how it could still potentially communicate, I love developing C2 emulation tools, almost exclusively in Go.
I also teach a number of workshops and courses about C2 development in Golang with AntiSyphon; you can find info on these here.
On this site you can find a variety of content that, in some way or another, relates to the development + analysis of malware network communication profiles, with an overall emphasis on C2/RATs.
If you have any questions or feedback, feel free to connect with me: moi@faanross.com.
Live long and prosper.
Faan

People don’t have ideas, ideas have people. - CGJ