Threat Hunting Summit Talk: Threat Hunting with RITA: A Behavioral Analysis of C2 Traffic

With Hermon Kidane

June 17 @ 1:00 pm - 1:25 pm ET

How do you catch an attacker when their malware is specifically designed to blend in with everyday network noise?

Join Hermon Kidane, Network Threat Hunter at Active Countermeasures, as he walks you through a practical approach to finding covert command and control channels using RITA and Zeek telemetry.

You’ll learn how to analyze connection durations, beaconing cadences, and key metrics like network prevalence and first-seen behavior to spot DNS tunnels and persistent threats, cutting through the raw data to find the actual compromise.

Walk away with a downloadable custom dataset and some bonus hunting scripts, so you can immediately start practicing these techniques on your own.

Chat with your fellow Threat Hunting Summit attendees in the Antisyphon Discord server: https://discord.gg/antisyphon


This talk is part of the Antisyphon Training Threat Hunting Summit, a free, six-hour, live virtual event designed to give you a practical, real-world look at how cyber threat hunters detect stealthy adversaries, investigate suspicious behavior, and turn discoveries into stronger defenses.

For those who want to go further, multiple hands-on, high-quality, and affordable training courses are available June 18-26 to help you sharpen your skills and become a more proactive, effective defender.

See the entire Antisyphon Training Course Catalog for affordable cybersecurity training! 


About the Instructor

Hermon Kidane

Bio

Hermon is a Network Threat Hunter at Active Countermeasures where he does behavioral analysis of network traffic to expose covert infrastructure. His daily work centers on translating raw Zeek telemetry into actionable threat intelligence to track down persistent, low-and-slow threats. Prior to hunting, he spent two years at a help desk and another two years as a systems administrator. In his spare time, he likes to tinker with his homelab, follow Formula 1, and watch movies. 
