Free Download of AC Hunter Community Edition

With Chris Brenton

For the last five years, RITA has been the premier open-source tool for identifying covert command and control (C2) channels. While RITA is extremely accurate, its command line interface can be challenging when you are used to working with GUI-based tools, and that adds complexity when you are trying to threat hunt your network.

With this in mind, we’ve decided to release a freeware version of our graphical C2 threat hunting tool, AC-Hunter. We will still maintain RITA, but the free AC-Hunter Community Edition will be an additional tool in your arsenal for finding adversaries on your network.

Prioritizing Systems With Threat Scoring

One of the benefits of AC-Hunter is that it assigns a threat score to all of your internal systems. The higher the threat score, the more likely the system has been compromised. This can be a huge time saver if you think an adversary has compromised multiple systems on your network.

On the right side of the screen, AC-Hunter breaks down which attributes were observed when assigning the threat score. All of these items are clickable, which makes it easy to dig into the data.

We’ve focused on a highly simplified interface so that analysts of any skill level can be effective threat hunters.

Cyber Deception Capability

The cyber deception capability built into AC-Hunter permits you to leave “tripwires” in various locations around your network in order to detect lateral movement by rogue employees or potential adversaries. Deception tokens can be user accounts or resources that look like tempting targets.

For example, you can create a fake Administrator account that alerts whenever anyone tries to log in, or tantalizing private files that trigger when someone tries to view their contents. Cyber deception provides an additional layer of low false positive detection of potential adversaries on your network.
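The "fake Administrator account that alerts whenever anyone tries to log in" idea above is a honeytoken, and the detection rule behind it is simple: decoy accounts have no legitimate users, so every authentication attempt against one, whether it succeeds or fails, is an alert. The following is an added example written for this page, not code from AC-Hunter or Active Countermeasures, and it does not describe how AC-Hunter implements its deception feature. It assumes sshd-style syslog lines and constructed decoy account names (`administrator_bak`, `svc_backup_admin`); the log lines are constructed, not captured.

```python
import re
from dataclasses import dataclass

# Decoy accounts exist only as tripwires. No person or service should ever
# authenticate as one, so any attempt, successful or not, is worth an alert.
# These names are constructed for the example.
DECOY_ACCOUNTS = {"administrator_bak", "svc_backup_admin"}

# Constructed sshd-style auth log lines (not a real capture). Legitimate logins
# by alice and bob are mixed in with probes against the two decoy accounts.
SAMPLE_AUTH_LOG = """\
Mar 10 09:12:01 fileserver sshd[2031]: Accepted password for alice from 10.20.0.14 port 51022 ssh2
Mar 10 09:15:43 fileserver sshd[2077]: Failed password for administrator_bak from 10.20.0.57 port 40311 ssh2
Mar 10 09:15:47 fileserver sshd[2077]: Failed password for administrator_bak from 10.20.0.57 port 40311 ssh2
Mar 10 09:16:02 fileserver sshd[2090]: Accepted publickey for bob from 10.20.0.21 port 51100 ssh2
Mar 10 09:20:15 fileserver sshd[2101]: Invalid user svc_backup_admin from 10.20.0.57 port 40987
Mar 10 09:20:15 fileserver sshd[2101]: Failed password for invalid user svc_backup_admin from 10.20.0.57 port 40987 ssh2
"""

# Matches the three sshd message shapes used above: "Accepted <method> for <user>",
# "Failed <method> for [invalid user] <user>" and "Invalid user <user>".
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"(?P<outcome>Accepted|Failed|Invalid user)\s+"
    r"(?:(?P<method>password|publickey)\s+for\s+(?:invalid user\s+)?)?"
    r"(?P<user>\S+)\s+from\s+(?P<src>[\d.]+)"
)


@dataclass(frozen=True)
class DecoyAlert:
    timestamp: str
    host: str
    account: str
    source_ip: str
    outcome: str


def parse_auth_line(line):
    """Return the fields of one sshd auth line, or None if it is not an auth event."""
    m = AUTH_RE.match(line)
    return m.groupdict() if m else None


def find_decoy_activity(log_text, decoy_accounts=DECOY_ACCOUNTS):
    """Emit one alert per authentication attempt that names a decoy account.

    Outcome is deliberately ignored when deciding to alert: a failed login
    against a tripwire account is just as interesting as a successful one.
    """
    alerts = []
    for line in log_text.splitlines():
        rec = parse_auth_line(line)
        if rec is None or rec["user"] not in decoy_accounts:
            continue
        alerts.append(DecoyAlert(rec["ts"], rec["host"], rec["user"],
                                 rec["src"], rec["outcome"]))
    return alerts


def summarize_by_source(alerts):
    """Group alerts by source IP so the hunter sees which internal host touched decoys."""
    summary = {}
    for a in alerts:
        summary.setdefault(a.source_ip, []).append(a.account)
    return summary


if __name__ == "__main__":
    found = find_decoy_activity(SAMPLE_AUTH_LOG)
    for a in found:
        print(f"{a.timestamp} {a.host}: {a.outcome} login as decoy '{a.account}' from {a.source_ip}")
    print(summarize_by_source(found))
```

Because the rule keys only on the account name, it has the low false positive property the section describes: the only way to trip it is to use a credential that nobody was ever given. Grouping by source IP turns the individual alerts into the lateral movement signal a hunter actually wants, namely which internal machine is trying the decoys.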

Deploying AC-Hunter

One of the benefits of AC-Hunter is that C2 telemetry is collected from network data rather than from endpoints, so there are no endpoint agents to install. Further, AC-Hunter is capable of protecting any operating system, IoT, IIoT, or network device: all devices connected to the network are automatically protected. AC-Hunter can be deployed on-prem or into IaaS public clouds like EC2 and Azure.

Community vs Enterprise Edition

Both the Community and the Enterprise editions of AC-Hunter use the same patented C2 detection code and the same simplified interface. So both are just as capable of helping you find adversaries on your network. The big difference comes down to day-to-day administration. The Enterprise Edition has more features designed to support daily SOC operations.
