November 17

Webinar takeaway: How to Cover C&C in the MITRE ATT&CK Matrix


My key takeaways

  • Modern threats are almost impossible to detect with signatures or heuristics
  • Command and control (C2) channels now commonly use standard encryption such as HTTPS, so content analysis is not an option either
  • Well-known, legitimate websites such as Google Mail or O365 are abused as C2 channels
  • Even CDNs are used as C2 channels, and they cannot filter out beacons because of the volume of traffic they carry
  • Monitoring network anomalies with tools like Passer or RITA can reveal C2 beacons
  • The MITRE framework has elements for testing data exfiltration
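An added example (not from the webinar or this post) of the timing-regularity check that RITA-style beacon hunting relies on when the payload itself is encrypted: connections are grouped by source, destination and port, inter-connection intervals are computed, and pairs whose intervals have a low coefficient of variation are flagged for triage. The connection records, field layout and thresholds are constructed assumptions, not the tool's actual output.

```python
import statistics
from collections import defaultdict

# Constructed sample records (hypothetical Zeek-style conn fields):
# (timestamp in seconds, source IP, destination IP, destination port)
SAMPLE_CONNS = [
    # Regular ~60 s beacon with small jitter to one external host
    (0.0, "10.0.0.5", "203.0.113.10", 443),
    (60.4, "10.0.0.5", "203.0.113.10", 443),
    (119.8, "10.0.0.5", "203.0.113.10", 443),
    (180.2, "10.0.0.5", "203.0.113.10", 443),
    (240.1, "10.0.0.5", "203.0.113.10", 443),
    (299.7, "10.0.0.5", "203.0.113.10", 443),
    # Irregular, human-driven browsing to another host
    (5.0, "10.0.0.7", "198.51.100.20", 443),
    (9.0, "10.0.0.7", "198.51.100.20", 443),
    (140.0, "10.0.0.7", "198.51.100.20", 443),
    (141.5, "10.0.0.7", "198.51.100.20", 443),
    (600.0, "10.0.0.7", "198.51.100.20", 443),
    (601.0, "10.0.0.7", "198.51.100.20", 443),
]

def beacon_scores(conns, min_conns=5):
    """Return {(src, dst, port): (count, median_gap, cv)} for pairs with at
    least min_conns connections. cv is the coefficient of variation of the
    inter-connection intervals; values near 0 mean very regular timing."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in conns:
        by_pair[(src, dst, port)].append(ts)
    scores = {}
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else 0.0
        scores[pair] = (len(times), statistics.median(gaps), round(cv, 3))
    return scores

def likely_beacons(conns, max_cv=0.1, min_conns=5):
    """Pairs with interval regularity at or below max_cv: candidates to
    triage, not proof of C2 (update checks and health probes beacon too)."""
    return [pair for pair, (_, _, cv) in beacon_scores(conns, min_conns).items()
            if cv <= max_cv]

if __name__ == "__main__":
    for pair, (n, med, cv) in beacon_scores(SAMPLE_CONNS).items():
        print(f"{pair}: n={n} median_gap={med:.1f}s cv={cv}")
    print("likely beacons:", likely_beacons(SAMPLE_CONNS))
```

In practice the same scoring is applied over days of connection logs, and the regular pairs are then checked against the business need for that destination.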

Env

additional links


Tags

C2, ransomware, threathunting

