
Saturday September 12, 2026 10:30am - 11:30am CDT
Attackers increasingly use SOCKS proxies during intrusions to pivot through compromised networks and to keep their tools away from EDR. C2 frameworks like Sliver, Cobalt Strike, and Mythic make it simple to turn one callback into a gateway for the entire network.


As defenders, we looked at existing guidance for finding SOCKS proxies and found the detections too narrowly focused on specific tools, or the advice too difficult to implement for every possible technique an attacker could run through SOCKS. We looked at how to identify, from endpoint and network telemetry, the behaviors a process exhibits when it acts as a SOCKS proxy, and created ProxyWatch, a tool to find SOCKS proxies. This talk will cover our research process into how SOCKS works, why attackers choose to use SOCKS, ways to potentially identify SOCKS behaviors in your data, and introduce ProxyWatch as a tool that implements the signals we found.


If you’re a defender, detection engineer, incident responder, or anyone curious about how these attacks work, we invite you to join in and learn how ProxyWatch can help you find SOCKS proxies.
Speakers

Brian Reitz

SpecterOps
Brian Reitz is a consultant at SpecterOps on the Adversary Detection team, working on detection engineering for a variety of clients. He previously worked in detection and response in healthcare, and pentesting, red team, and defensive work for public-sector and commercial clie...

John Wotton

Consultant, SpecterOps
John Wotton is a Consultant at SpecterOps specializing in adversary simulation, Active Directory, Physical Security, and EDR evasion. He focuses on custom tooling, offensive and defensive research, and helping organizations defend against advanced persistent threats.
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
