November 17

Webinar takeaway: How to Cover C&C in the MITRE ATT&CK Matrix


My key takeaways

  • Modern threats are almost impossible to detect with signatures or heuristics alone
  • Command and control (C2) channels now commonly use ordinary encryption such as HTTPS, so content inspection is not an option either
  • Well-known, legitimate services such as Google Mail or O365 are abused as C2 channels
  • Even CDNs are used as C2 channels, and they cannot filter out beacons because of the sheer volume of traffic they carry
  • Monitoring for network anomalies with tools such as Passer or RITA may reveal C2 beacons
  • The MITRE framework includes elements for testing data exfiltration
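Since encrypted and CDN-fronted C2 traffic cannot be caught by content inspection, the takeaway above leans on timing anomalies instead. The following is an added example, not from the webinar or from the RITA or Passer projects: it scores each source/destination pair in a small, constructed connection log by how regular the gaps between successive connections are, which is the basic beaconing signal those tools look for. The hostnames, IPs and thresholds (`min_count`, `max_cv`) are assumptions chosen for illustration.

```python
"""Toy beacon detector over a constructed connection log.

For each (source IP, destination host) pair the script measures the
intervals between successive connections and computes their coefficient
of variation (stdev / mean). Malware callbacks tend to fire on a fixed
timer with little jitter, so a pair with many connections and a very low
coefficient of variation stands out even when every byte is encrypted.
The thresholds below are illustrative, not those of any real tool.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, one record per line: "<epoch_seconds>\t<src_ip>\t<dst_host>".
# 10.0.0.5 calls back roughly every 60 s with a few seconds of jitter (beacon-like),
# 10.0.0.7 shows bursty, human-looking browsing, and 10.0.0.9 has too few samples.
SAMPLE_LOG = """\
0\t10.0.0.5\tcdn.example-assets.invalid
61\t10.0.0.5\tcdn.example-assets.invalid
119\t10.0.0.5\tcdn.example-assets.invalid
181\t10.0.0.5\tcdn.example-assets.invalid
240\t10.0.0.5\tcdn.example-assets.invalid
299\t10.0.0.5\tcdn.example-assets.invalid
361\t10.0.0.5\tcdn.example-assets.invalid
420\t10.0.0.5\tcdn.example-assets.invalid
480\t10.0.0.5\tcdn.example-assets.invalid
539\t10.0.0.5\tcdn.example-assets.invalid
0\t10.0.0.7\tmail.example.invalid
5\t10.0.0.7\tmail.example.invalid
47\t10.0.0.7\tmail.example.invalid
48\t10.0.0.7\tmail.example.invalid
300\t10.0.0.7\tmail.example.invalid
310\t10.0.0.7\tmail.example.invalid
1100\t10.0.0.7\tmail.example.invalid
1105\t10.0.0.7\tmail.example.invalid
1900\t10.0.0.7\tmail.example.invalid
1903\t10.0.0.7\tmail.example.invalid
100\t10.0.0.9\tupdate.example.invalid
160\t10.0.0.9\tupdate.example.invalid
"""


def parse_records(text):
    """Parse the tab-separated log into (timestamp, src, dst) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst = line.split("\t")
        records.append((float(ts), src, dst))
    return records


def interval_stats(records):
    """Return {(src, dst): (count, mean_interval, cv)} for pairs with >= 2 connections."""
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    stats = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if not gaps:
            continue  # a single connection has no interval to measure
        avg = mean(gaps)
        # All connections at the same instant would give avg == 0; treat as "not periodic".
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        stats[pair] = (len(times), avg, cv)
    return stats


def find_beacons(records, min_count=8, max_cv=0.1):
    """Flag pairs with enough connections and a near-constant interval, lowest cv first.

    min_count guards against false positives from a handful of coincidental
    connections; max_cv sets how much jitter still counts as 'regular'.
    """
    hits = []
    for (src, dst), (count, avg, cv) in interval_stats(records).items():
        if count >= min_count and cv <= max_cv:
            hits.append({"src": src, "dst": dst, "count": count,
                         "mean_interval": avg, "cv": cv})
    return sorted(hits, key=lambda hit: hit["cv"])


if __name__ == "__main__":
    for hit in find_beacons(parse_records(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections, "
              f"every ~{hit['mean_interval']:.0f}s, cv={hit['cv']:.3f}")
```

On the constructed log only the 10.0.0.5 pair is reported (ten connections, about 60 s apart, cv around 0.02); the bursty mail traffic has a coefficient of variation above 1 and the two-connection pair never reaches `min_count`. Against real Zeek or firewall logs the same statistic needs tuning per environment, since legitimate software updaters and monitoring agents also poll on timers and will score as "regular".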


Tags

C2, ransomware, threathunting
