f866223 Jun 28, 2016

# Beacon Detection via Intra-Request Time Deltas

Purpose: Find regular HTTP beaconing behavior which may indicate malware C2

Data Required: HTTP proxy logs

Collection Considerations:

Analysis Techniques: Visualization (Bar graphs)

Description

Malware C2 often uses regular request intervals ("beacons") to maintain contact with the attacker's infrastructure. By computing the time between consecutive requests from the same source IP to the same resource (the intra-request time deltas) and visualizing the results, you can look for patterns of regular activity.
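
The delta calculation described above, as an added example that is not part of the original page. The log layout (`timestamp src_ip method url`), the sample lines, and the function names are constructed for illustration; the coefficient-of-variation check goes one step beyond the bar graph and its thresholds are assumptions to tune per environment.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log; the "timestamp src_ip method url" layout is an assumption.
SAMPLE_LOG = """\
2016-06-28T10:00:00 10.0.0.5 GET http://cdn.example.test/status
2016-06-28T10:00:05 10.0.0.9 GET http://news.example.test/
2016-06-28T10:00:40 10.0.0.9 GET http://news.example.test/
2016-06-28T10:01:00 10.0.0.5 GET http://cdn.example.test/status
2016-06-28T10:02:01 10.0.0.5 GET http://cdn.example.test/status
2016-06-28T10:03:00 10.0.0.5 GET http://cdn.example.test/status
2016-06-28T10:04:00 10.0.0.5 GET http://cdn.example.test/status
2016-06-28T10:05:01 10.0.0.5 GET http://cdn.example.test/status
2016-06-28T10:07:10 10.0.0.9 GET http://news.example.test/
2016-06-28T10:07:55 10.0.0.9 GET http://news.example.test/
2016-06-28T10:21:30 10.0.0.9 GET http://news.example.test/
"""

def request_deltas(log):
    """Map (src_ip, url) -> seconds between consecutive requests."""
    times = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        ts, src, _method, url = line.split()
        times[(src, url)].append(datetime.fromisoformat(ts))
    return {key: [(b - a).total_seconds() for a, b in zip(s, s[1:])]
            for key, s in ((k, sorted(v)) for k, v in times.items())}

def histogram(deltas, bucket=10):
    """Count deltas per `bucket`-second bin: the data behind the bar graph."""
    return Counter(int(d // bucket) * bucket for d in deltas)

def regular_pairs(log, min_requests=5, max_cv=0.1):
    """Flag pairs whose deltas cluster tightly (thresholds are assumptions)."""
    hits = []
    for key, d in request_deltas(log).items():
        enough = len(d) + 1 >= max(min_requests, 2)
        if enough and mean(d) > 0 and pstdev(d) / mean(d) <= max_cv:
            hits.append(key)
    return hits

if __name__ == "__main__":
    for key, d in request_deltas(SAMPLE_LOG).items():
        print(*key)
        for start, count in sorted(histogram(d).items()):
            print(f"  {start:>4}s+ {'#' * count}")
    print("regular:", regular_pairs(SAMPLE_LOG))
```

A beacon shows up as one or two tall adjacent bars, while interactive browsing spreads across many bins; small jitter can split a peak across a bin boundary, so read neighbouring bars together.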

Other Notes

More Info