Abstract: Computer-implemented systems, methods, and computer-readable media are provided for causing an action to be performed in response to a network communication, such as a malicious network communication. In accordance with some embodiments, a first network communication sent from a client device is received, and a protocol used in the first network communication is determined. Once the protocol is determined, the protocol may be implemented to enable a second network communication with the client device. An action to be performed based at least in part on the protocol may be identified, and an instruction may be sent to the client device in the second network communication.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system. An embodiment operates by detecting an adversary operating malware on a compromised system. A stream of network communications associated with adversary is intercepted. The stream of network communications includes a command and control channel of the adversary. The stream of network communications is accessed. An emulation of the command and control channel is provided. An analysis of the accessed stream of traffic is executed. A plurality of response mechanisms is provided. The plurality of response mechanisms is based in part on the analysis of the stream of network communications and a custom policy language tailored for the malware.

Abstract: Computer-implemented systems, methods, and computer-readable media are provided for causing an action to be performed in response to a network communication, such as a malicious network communication. In accordance with some embodiments, a first network communication sent from a client device is received, and a protocol used in the first network communication is determined. Once the protocol is determined, the protocol may be implemented to enable a second network communication with the client device. An action to be performed based at least in part on the protocol may be identified, and an instruction may be sent to the client device in the second network communication.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system. An embodiment operates by detecting an adversary operating malware on a compromised system. A stream of network communications associated with adversary is intercepted. The stream of network communications includes a command and control channel of the adversary. The stream of network communications is accessed. An emulation of the command and control channel is provided. An analysis of the accessed stream of traffic is executed. A plurality of response mechanisms is provided. The plurality of response mechanisms is based in part on the analysis of the stream of network communications and a custom policy language tailored for the malware.