Featured Project
Threat Hunting Process Modeling for C2 Detection Events
Modeling threat hunting workflows and false positive elimination for C2 beacon detection.
- Designed a standardized post-investigation knowledge system for C2 detection scenarios.
- Modeled threat hunting workflows covering compromised hosts, C2 IPs/domains, historical alerts, and asset profiling.
- Integrated DNS, HTTP, SSL, and traffic log analysis with threat intelligence and whitelist mechanisms.
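As an added illustration of the workflow described above (example code written for this page, not the project's own tooling), the sketch below groups constructed connection records by source and destination, flags pairs whose inter-arrival intervals are regular enough to look like a beacon, and then triages each candidate against a threat-intelligence set and a whitelist so that scheduled-but-benign traffic is labelled a false positive rather than escalated. The log records, the indicator `203.0.113.7` and the hostnames are all constructed placeholders.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection records: (epoch seconds, source host, destination, protocol).
# "ws-17" contacts 203.0.113.7 roughly every 60s (regular), polls an internal update server
# every 300s (regular but benign), and browses a news site at irregular times (noise).
SAMPLE_LOGS = [
    (0, "ws-17", "203.0.113.7", "https"), (61, "ws-17", "203.0.113.7", "https"),
    (119, "ws-17", "203.0.113.7", "https"), (181, "ws-17", "203.0.113.7", "https"),
    (240, "ws-17", "203.0.113.7", "https"),
    (5, "ws-17", "updates.corp.example", "http"), (305, "ws-17", "updates.corp.example", "http"),
    (605, "ws-17", "updates.corp.example", "http"), (905, "ws-17", "updates.corp.example", "http"),
    (12, "ws-17", "news.example.org", "https"), (47, "ws-17", "news.example.org", "https"),
    (300, "ws-17", "news.example.org", "https"), (333, "ws-17", "news.example.org", "https"),
    (900, "ws-17", "news.example.org", "https"),
]
THREAT_INTEL = {"203.0.113.7"}        # constructed indicator set (placeholder value)
WHITELIST = {"updates.corp.example"}  # constructed allow-list of known-benign destinations

def beacon_candidates(records, min_events=4, max_cv=0.15):
    """Group connections by (src, dst) and flag pairs whose inter-arrival intervals are
    regular: coefficient of variation (stdev / mean) at or below max_cv."""
    by_pair = defaultdict(list)
    for ts, src, dst, _proto in records:
        by_pair[(src, dst)].append(ts)
    found = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # too few events to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            found.append({"src": src, "dst": dst, "interval": round(avg), "events": len(stamps)})
    return found

def triage(candidates, intel=THREAT_INTEL, allow=WHITELIST):
    """Label each candidate: whitelisted destinations are recorded as false positives,
    intel hits are escalated, anything else stays a suspected beacon for the hunter."""
    out = []
    for c in candidates:
        if c["dst"] in allow:
            verdict = "whitelisted"
        elif c["dst"] in intel:
            verdict = "known_c2"
        else:
            verdict = "suspected_beacon"
        out.append({**c, "verdict": verdict})
    return out
```

Both the regularity threshold and the minimum event count are tuning knobs; real beacons add jitter, so in practice the threshold is widened and the whitelist is reviewed rather than trusted blindly.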
