Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Updated Jun 3, 2026 - Go
Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.
Berry Sentinel v5.0 — Advanced behavioral C2 and reverse shell detector for Linux/Windows/Unix systems. Features real-time connection analysis, heuristic scoring, C2 framework signature detection, beacon interval analysis, and an interactive curses-based TUI with process kill engine.
Scrapes a list of payload domains, IOCs and C2 IPs from various feeds for easy blacklisting.
C2 Framework Fingerprinter: identifies Cobalt Strike, Metasploit, Sliver, Havoc, Covenant, Brute Ratel from PCAP traffic using beacon analysis, URI patterns, JA3, and HTTP headers
Python network forensics tool that detects C2 beaconing, port scans, data exfiltration, DNS tunneling, and 20+ threat patterns in PCAP files. Behavioral analysis for the encrypted traffic era. Every finding maps to MITRE ATT&CK.
AI-powered network packet analyzer: detects C2, exfiltration, and lateral movement from pcap or tcpdump output.
Client-side C2 beaconing detector -- Random Forest + Isolation Forest ML, jitter analysis, ThreatFox IOC lookup, ATT&CK technique mapping, no data leaves browser
Flow-level behavioural detection of command-and-control beaconing under timing jitter, size variation, burst traffic, hard benign profiles, and CTU-13 public-data domain shift. Includes synthetic benchmarking, interpretable/statistical/anomaly/supervised baselines, minimum-evidence analysis, CTU-native validation, and report-ready results.
A Wireshark-based network traffic analysis simulating a live SOC incident at Vendmo Tech. Detects C2 beaconing, data exfiltration & port scanning across a 2.3GB PCAP. Includes 8 findings, 10 IOCs, MITRE ATT&CK v14 mapping & attack timeline. Blue Team / SOC portfolio project.
AI-augmented threat detection sidecar for Pi-hole — heuristic DGA, NXDOMAIN, volume, and beacon detection on the query log
An enterprise network security incident response report leveraging Wireshark to perform layer 7 deep packet inspection, isolating malicious command-and-control (C2) infrastructure and typosquatted data exfiltration channels.
Network traffic analysis using Wireshark to identify suspicious HTTP POST-based Command-and-Control (C2) communication and extract Indicators of Compromise (IOCs).
SOC C2 Beaconing Detection Platform
Network threat detection and traffic analysis using Wireshark — DNS tunneling detection, TLS fingerprinting with JA4, C2 beacon identification, and automated analysis with TShark
Outbound network monitor to detect beaconing and command-and-control-like behavior on Linux hosts.
Deploy your own Network Detection and Response platform in minutes and start hunting threats across your network. Archer turns raw Zeek logs into actionable intelligence — spot beacons, catch exfiltration, and trace lateral movement before attackers reach their objective. Pure-Go, single container, no cloud, no cost, no compromise
eBPF-based monitor for detecting suspicious activity during Docker image builds
Multi-signal C2 beacon detector. Correlates Zeek conn.log, dns.log, and ssl.log to score and rank beacon candidates with per-signal breakdowns and ATT&CK mapping.
Menu bar malware monitor. Detects and kills blockchain C2 backdoor processes, with a live web dashboard.