The Sliver Lining: Understanding the C2 Framework for Blue Team

Blue Teamers must be aware of emerging tools and trends in order to rapidly detect malicious activity within the network. C2 frameworks give adversaries additional capabilities to extend their reach and maintain persistence within the environment. Sliver has emerged in the last two years as an alternative C2 framework to Cobalt Strike, and APT29 has adopted it in current operations. Detecting Sliver currently remains difficult: it is a relatively new framework only now being adopted, and it was built to evade current detection methods. We will give an overview of Golang, the capabilities of Sliver, and the detection of implant network traffic.