Berry Sentinel v5.0 — Advanced behavioral C2 and reverse shell detector for Linux/Windows/Unix systems. Features real-time connection analysis, heuristic scoring, C2 framework signature detection, beacon interval analysis, and an interactive curses-based TUI with process kill engine.

Python network forensics tool that detects C2 beaconing, port scans, data exfiltration, DNS tunneling, and 20+ threat patterns in PCAP files. Behavioral analysis for the encrypted traffic era. Every finding maps to MITRE ATT&CK.

C2 Framework Fingerprinter: identifies Cobalt Strike, Metasploit, Sliver, Havoc, Covenant, Brute Ratel from PCAP traffic using beacon analysis, URI patterns, JA3, and HTTP headers

AI-powered network packet analyzer: detects C2, exfiltration, and lateral movement from pcap or tcpdump output.

Multi-signal C2 beacon detector. Correlates Zeek conn.log, dns.log, and ssl.log to score and rank beacon candidates with per-signal breakdowns and ATT&CK mapping.

Detects C2 connections in real time by analyzing process behavior without relying on signature databases or IP blacklists.