November 17

Webinar takeaway: How to Cover C&C in the MITRE ATT&CK Matrix


My key takeaways

  • Modern threats are hard to detect with signatures or simple heuristics alone
  • Command and control (C2) channels now commonly ride inside ordinary encrypted protocols such as HTTPS, so inspecting the payload content is usually not an option either
  • Well-known, legitimate services such as Google Mail or Office 365 are abused as C2 channels, and those destinations cannot simply be blocked
  • Even CDNs are used as C2 relays, and the CDN operators cannot realistically pick beacons out of the sheer volume of legitimate traffic they carry
  • Monitoring for network anomalies with tools like Passer or RITA can surface C2 beacons from connection metadata (timing, frequency and size of connections) even when the content is encrypted
  • The MITRE ATT&CK framework has dedicated tactics for Command and Control (TA0011) and Exfiltration (TA0010) whose techniques can be used to test detection coverage
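To make the beaconing point concrete, here is a small worked example of the idea behind tools like RITA: scoring connection pairs by how regular their timing and request sizes are, without ever looking at the (encrypted) payload. This is my own illustration written for this post, not RITA's or Passer's code and not material from the webinar; the hosts, timestamps and byte counts are constructed, and the scoring (median absolute deviation relative to the median, averaged over interval and size) is a simplification of what the real tools do.

```python
import statistics
from collections import defaultdict

# Constructed Zeek-style conn.log records: (ts, orig_h, resp_h, resp_p, orig_bytes).
# 10.0.0.5 checks in with 203.0.113.10 roughly every 60 seconds with a fixed-size
# request (a beacon with a little jitter); 10.0.0.7 browses 198.51.100.20 irregularly.
# All hosts, times and sizes are made up for this example.
def build_sample_records():
    records = []
    jitter = [0, 2, -1, 3, 0, -2, 1, 0, 2, -1, 0, 1, -2, 0, 3, -1, 0, 2, 0, -1]
    base = 1700000000.0
    for i, j in enumerate(jitter):
        records.append((base + i * 60 + j, "10.0.0.5", "203.0.113.10", 443, 512))
    gaps = [3, 45, 7, 300, 12, 900, 1, 60, 240, 5]
    sizes = [1200, 340, 8800, 150, 2300, 560, 9000, 400, 720, 5100]
    t = 1700000100.0
    for gap, size in zip(gaps, sizes):
        t += gap
        records.append((t, "10.0.0.7", "198.51.100.20", 443, size))
    return records


def regularity(values):
    """1.0 means every value is identical; drops toward 0 as the spread grows.
    Median absolute deviation relative to the median is used so that a missed
    check-in or a retry burst does not hide an otherwise steady beat."""
    med = statistics.median(values)
    if med == 0:
        return 0.0
    mad = statistics.median(abs(v - med) for v in values)
    return max(0.0, 1.0 - mad / med)


def beacon_scores(records, min_connections=10):
    """Group connections per (src, dst, port) and score how beacon-like each
    pair is from timing and size alone; payload content is never looked at."""
    pairs = defaultdict(list)
    for ts, src, dst, port, size in records:
        pairs[(src, dst, port)].append((ts, size))
    scores = {}
    for key, events in pairs.items():
        if len(events) < min_connections:
            continue  # too few samples to say anything about regularity
        events.sort()
        intervals = [b[0] - a[0] for a, b in zip(events, events[1:])]
        sizes = [size for _, size in events]
        interval_score = regularity(intervals)
        size_score = regularity(sizes)
        scores[key] = {
            "count": len(events),
            "median_interval": statistics.median(intervals),
            "interval_score": round(interval_score, 3),
            "size_score": round(size_score, 3),
            "score": round((interval_score + size_score) / 2, 3),
        }
    return scores


def flag_beacons(records, threshold=0.8, min_connections=10):
    """Return the (src, dst, port) pairs whose combined score meets the threshold."""
    scores = beacon_scores(records, min_connections)
    return sorted(k for k, v in scores.items() if v["score"] >= threshold)


if __name__ == "__main__":
    for key, s in beacon_scores(build_sample_records()).items():
        print(key, s)
    print("beacon candidates:", flag_beacons(build_sample_records()))
```

Run against the constructed records, the 10.0.0.5 pair scores close to 1.0 (61 second median interval, identical sizes) while the browsing pair stays well below the threshold. On real data the same logic is fed from Zeek conn logs or NetFlow, which is exactly why encrypted C2 over HTTPS or a legitimate SaaS domain still leaves a trace: the content is hidden, the rhythm is not.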

Tags

C2, ransomware, threat hunting
