Skip to content
/ swi2 Public

SWI Prolog code for research into identifying Command and Control (C2) channels with analysis of timestamps

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jordanjoewatson/swi2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

data

data

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

main.pl

main.pl

 
 

Repository files navigation

swi2

Analysis of data and writeup: https://jordanjoewatson.github.io/2022/09/04/detecting_c2_channels

SWI Prolog Threat Hunting tool, to identify Command and Control (C2) channels. Identifies C2 channels such as Cobalt Strike beacons with varying delay and jitter by examining entropy of time between consequitive network request.

Usage (Docker):

docker build -t example .
docker run -t -d example bash
docker container ls 
docker container exec -it <containername> bash
swipl main.pl # Or prolog main.pl if that doesn't work

Usage (Without Docker):

prolog main.pl
import_netlogs('data/beacondata.csv').
search(T,S,D,100,[]).

About

SWI Prolog code for research into identifying Command and Control (C2) channels with analysis of timestamps

Topics

prolog cybersecurity threat-hunting cobalt-strike blueteam c2 purpleteam commandandcontrol swiprolog

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages