Skip to content
/ swi2 Public

SWI Prolog code for research into identifying Command and Control (C2) channels with analysis of timestamps

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jordanjoewatson/swi2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
data
data
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
main.pl
main.pl
 
 

Repository files navigation

swi2

Analysis of data and writeup: https://jordanjoewatson.github.io/2022/09/04/detecting_c2_channels

SWI Prolog Threat Hunting tool, to identify Command and Control (C2) channels. Identifies C2 channels such as Cobalt Strike beacons with varying delay and jitter by examining entropy of time between consequitive network request.

Usage (Docker):

docker build -t example .
docker run -t -d example bash
docker container ls 
docker container exec -it <containername> bash
swipl main.pl # Or prolog main.pl if that doesn't work

Usage (Without Docker):

prolog main.pl
import_netlogs('data/beacondata.csv').
search(T,S,D,100,[]).

About

SWI Prolog code for research into identifying Command and Control (C2) channels with analysis of timestamps

Topics

prolog cybersecurity threat-hunting cobalt-strike blueteam c2 purpleteam commandandcontrol swiprolog

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages