GhostWatch—an open-source covert channel detector for DNS tunneling, ICMP, HTTP C2 beaconing and timing channels

via Dev.to, by Haider Khan

I built GhostWatch to detect what enterprise tools like Darktrace and Vectra miss—covert channels hidden inside normal-looking DNS, ICMP, and HTTP traffic. It uses entropy analysis and behavioral detection instead of signatures, so it catches real APT techniques like OilRig DNS tunneling and SUNBURST-style beaconing. GitHub: https://github.com/ShadowHunter89/ghostwatch Would genuinely appreciate feedback from anyone who works in networks, security or blue team. Still early stage.
