Overview
Explore machine learning techniques for detecting malicious infrastructure in HTTP responses in this 38-minute conference talk from the Hack In The Box Security Conference. Learn about two new feature extraction methods designed to hunt for anomalies and identify command and control (C&C) servers within large datasets of HTTP traffic. Examine the advantages and limitations of supervised and unsupervised learning approaches, and discover how uniqueness features and HTTP header order analysis can improve detection. Gain insights into passive scanning techniques that allow potential threats to be identified before a breach occurs, and understand the implications for blue teams seeking to strengthen network defenses against sophisticated attackers who use HTTP-based communication channels.
Syllabus
#HITBCW2021 D1 - Hunting For Malicious Infrastructure Using Big Data by Freek Bax And Shadi Alhakimi
Taught by
Hack In The Box Security Conference