Attackers must establish command and control (C2) to gain influence within their target environments in order to pursue their goals and objectives.

It is therefore arguably one of the most important parts of the cyber kill chain, because without it any payloads that are successfully delivered operate blindly and cannot provide network-level pivoting or near real-time interaction.

It is no surprise then that organisations have been imposing more controls on what types of communications are allowed from systems, and a priority has been placed on defensive teams being able to effectively detect C2. This is emphasised by two out of the twelve columns of MITRE ATT&CK being related to this area: 'Command and Control' and 'Exfiltration'.

The bar has been raised, and attackers have been forced to adopt new techniques to hide in plain sight. This evolution of C2 has been observed in real-world attacks, with threat actors resorting to social media and other cloud services to try and blend in with legitimate traffic. Examples of legitimate services that have been seen used in real-world attacks include Outlook, Instagram, Google Drive, Photobucket and Telegram.

Red teams performing adversary simulation exercises and purple team engagements should be able to demonstrate similar C2 capabilities whilst maintaining client security.
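As an added illustration of the detection point above (example code, not from the original post): when C2 rides on services such as Telegram or Google Drive, the destination alone looks legitimate, so this check looks at the regularity of the request timing per host and destination instead. The proxy log format, hostnames and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log excerpt (sample input, not real data):
# "<timestamp> <source host> <destination>". ws-17 polls api.telegram.org
# about once a minute with small jitter; ws-42 uses drive.google.com irregularly.
SAMPLE_LOG = """\
2023-05-01T09:00:00 ws-17 api.telegram.org
2023-05-01T09:00:07 ws-17 drive.google.com
2023-05-01T09:01:00 ws-17 api.telegram.org
2023-05-01T09:02:00 ws-17 api.telegram.org
2023-05-01T09:03:00 ws-17 api.telegram.org
2023-05-01T09:04:01 ws-17 api.telegram.org
2023-05-01T09:05:00 ws-17 api.telegram.org
2023-05-01T09:00:12 ws-42 drive.google.com
2023-05-01T09:13:45 ws-42 drive.google.com
2023-05-01T09:14:02 ws-42 drive.google.com
2023-05-01T09:51:30 ws-42 drive.google.com
2023-05-01T10:20:09 ws-42 drive.google.com
"""

def parse_log(text):
    """Group request timestamps by (source host, destination), sorted in time."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, host, dest = line.split()
        events[(host, dest)].append(datetime.fromisoformat(stamp))
    return {key: sorted(ts) for key, ts in events.items()}

def interval_stats(times):
    """Mean gap between consecutive requests and its coefficient of variation."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return (gaps[0] if gaps else 0.0), float("inf")
    mean = statistics.mean(gaps)
    if mean == 0:
        return 0.0, float("inf")
    return mean, statistics.stdev(gaps) / mean

def find_beacons(text, min_events=5, max_cv=0.1):
    """Flag (host, destination) pairs whose request cadence is too regular for a human."""
    hits = []
    for (host, dest), times in parse_log(text).items():
        if len(times) < min_events:
            continue  # too few requests to judge the cadence
        mean, cv = interval_stats(times)
        if cv <= max_cv:
            hits.append((host, dest, mean, cv))
    return hits

if __name__ == "__main__":
    for host, dest, mean, cv in find_beacons(SAMPLE_LOG):
        print(f"{host} -> {dest}: ~{mean:.0f}s period, jitter cv={cv:.3f}")
```

Real implants add deliberate jitter, so the `max_cv` threshold is a tuning knob to be set against a baseline of the environment's own traffic to the same services.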