Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Updated Apr 2, 2026 - Go
Berry Sentinel v5.0 — Advanced behavioral C2 and reverse shell detector for Linux/Windows/Unix systems. Features real-time connection analysis, heuristic scoring, C2 framework signature detection, beacon interval analysis, and an interactive curses-based TUI with process kill engine.
Scrapes a list of payload domains, IOCs and C2 IPs from various feeds for easy blacklisting.
Python network forensics tool that detects C2 beaconing, port scans, data exfiltration, DNS tunneling, and 20+ threat patterns in PCAP files. Behavioral analysis for the encrypted traffic era. Every finding maps to MITRE ATT&CK.
C2 Framework Fingerprinter: identifies Cobalt Strike, Metasploit, Sliver, Havoc, Covenant, Brute Ratel from PCAP traffic using beacon analysis, URI patterns, JA3, and HTTP headers
AI-powered network packet analyzer: detects C2, exfiltration, and lateral movement from pcap or tcpdump output.
Detect C2 beacons in network traffic using Floquet spectral analysis from quantum chaos theory. Fast, 274KB Zig binary. Reads pcap, live capture, or OpenTelemetry JSONL.
A Wireshark-based network traffic analysis simulating a live SOC incident at Vendmo Tech. Detects C2 beaconing, data exfiltration & port scanning across a 2.3GB PCAP. Includes 8 findings, 10 IOCs, MITRE ATT&CK v14 mapping & attack timeline. Blue Team / SOC portfolio project.
Outbound network monitor to detect beaconing and command-and-control-like behavior on Linux hosts.
🛡️ Monitor outbound TCP connections on Linux with C2 Hunter, a lightweight tool that reveals active sessions and enhances your security posture.
Network traffic analysis using Wireshark to identify suspicious HTTP POST-based Command-and-Control (C2) communication and extract Indicators of Compromise (IOCs).
Lab 03 - Malware Traffic Analysis | Wireshark Packet Capture | TCP+UDP Scan Patterns | C2 Simulation | 1066 Packets Analyzed | SOC Lab
Detects C2 connections in real time by analyzing process behavior without relying on signature databases or IP blacklists.
eBPF-based monitor for detecting suspicious activity during Docker image builds
Menu bar malware monitor. Detects and kills blockchain C2 backdoor processes, with a live web dashboard.
Multi-signal C2 beacon detector. Correlates Zeek conn.log, dns.log, and ssl.log to score and rank beacon candidates with per-signal breakdowns and ATT&CK mapping.
Analyzes network traffic with Wireshark to detect threats, support SOC response, and map findings to MITRE ATT&CK for Vendmo Tech