Detection Engineering
C2 Beaconing Detection
2 articles
How to detect C2 beaconing without ML — interval regularity, jitter analysis, and JA3 fingerprints over Zeek logs, with an SPL analytic and egress hardening.
How to detect DNS tunneling without an ML model — query length, entropy, and frequency thresholds, a Suricata rule and a Zeek/SPL analytic, plus egress hardening.