Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Updated
Jun 17, 2026 - Go
Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.
C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel
Berry Sentinel v5.0 — Advanced behavioral C2 and reverse shell detector for Linux/Windows/Unix systems. Features real-time connection analysis, heuristic scoring, C2 framework signature detection, beacon interval analysis, and an interactive curses-based TUI with process kill engine.
Scrapes a list of payload domains, IOCs and C2 IPs from various feeds for easy blacklisting.
C2 Framework Fingerprinter: identifies Cobalt Strike, Metasploit, Sliver, Havoc, Covenant, Brute Ratel from PCAP traffic using beacon analysis, URI patterns, JA3, and HTTP headers
Python network forensics tool that detects C2 beaconing, port scans, data exfiltration, DNS tunneling, and 20+ threat patterns in PCAP files. Behavioral analysis for the encrypted traffic era. Every finding maps to MITRE ATT&CK.
AI-powered network packet analyzer: detects C2, exfiltration, and lateral movement from pcap or tcpdump output.
Flow-level behavioural detection of command-and-control beaconing under timing jitter, size variation, burst traffic, hard benign profiles, and CTU-13 public-data domain shift. Includes synthetic benchmarking, interpretable/statistical/anomaly/supervised baselines, minimum-evidence analysis, CTU-native validation, and report-ready results.
Client-side C2 beaconing detector -- Random Forest + Isolation Forest ML, jitter analysis, ThreatFox IOC lookup, ATT&CK technique mapping, no data leaves browser
ThreatFade - Evasion Interception Platform (Early Research MVP). C2 evasion detection with ML, satellite fusion, REST API. Validated on Merlin QUIC, Cobalt Strike, IcedID. 0% FP rate.
A Wireshark-based network traffic analysis simulating a live SOC incident at Vendmo Tech. Detects C2 beaconing, data exfiltration & port scanning across a 2.3GB PCAP. Includes 8 findings, 10 IOCs, MITRE ATT&CK v14 mapping & attack timeline. Blue Team / SOC portfolio project.
Structural detection framework for deterministic non-periodic C2 scheduling — ceiling theorem proof, taxonomy, and five validated detectors.
AI-augmented threat detection sidecar for Pi-hole — heuristic DGA, NXDOMAIN, volume, and beacon detection on the query log
FusionOps - Agentic SecOps + AIOps Convergence platform by Tinlance Limited. C2 evasion detection → autonomous triage → remediation. Validated on real malware (z=14.76). Open-core Python.
Network traffic analysis using Wireshark to identify suspicious HTTP POST-based Command-and-Control (C2) communication and extract Indicators of Compromise (IOCs).
Real-world malware PCAP analysis — Lumma Stealer C2 decoded, browser fingerprinting exfiltration captured, DNS infection patterns identified. Mapped to MITRE ATT&CK using Wireshark.
Network threat detection and traffic analysis using Wireshark — DNS tunneling detection, TLS fingerprinting with JA4, C2 beacon identification, and automated analysis with TShark
SOC C2 Beaconing Detection Platform
Lab 03 - Malware Traffic Analysis | Wireshark Packet Capture | TCP+UDP Scan Patterns | C2 Simulation | 1066 Packets Analyzed | SOC Lab