Command & Control 101: Transports – Tradecraft Security Weekly #9

July 7, 2017

After an attacker succeeds in getting a payload onto a system and getting it to run, they still have to worry about whether it can make a successful connection out to a command and control server. A number of different transport mechanisms can be used, including direct TCP connections, pivoting through a proxy, DNS, or even ICMP, to name a few. In this episode of Tradecraft Security Weekly, Beau Bullock (@dafthack) details some of these transports that can be used to establish remote command and control over a system.

LINKS: Dnscat, Gcat, PowerShellICMP, icmpsh, Week of PowerShell Shells
