Category:Command and Control
The command and control tactic represents how adversaries communicate with systems under their control within a target network. There are many ways an adversary can establish command and control with various levels of covertness, depending on system configuration and network topology. Due to the wide degree of variation available to the adversary at the network level, only the most common factors were used to describe the differences in command and control. There are still a great many specific techniques within the documented methods, largely due to how easy it is to define new protocols and use existing, legitimate protocols and network services for communication.
The resulting breakdown should help convey the concept that detecting intrusion through command and control protocols without prior knowledge is a difficult proposition over the long term. Adversaries' main constraints in network-level defense avoidance are testing and deployment of tools to rapidly change their protocols, awareness of existing defensive technologies, and access to legitimate Web services that, when used appropriately, make their tools difficult to distinguish from benign traffic.
Pages in category "Command and Control"
The following 21 pages are in this category, out of 21 total.
- Data Obfuscation
- Fallback Channels
- Custom Cryptographic Protocol
- Multiband Communication
- Standard Cryptographic Protocol
- Commonly Used Port
- Uncommonly Used Port
- Standard Application Layer Protocol
- Multilayer Encryption
- Connection Proxy
- Communication Through Removable Media
- Custom Command and Control Protocol
- Standard Non-Application Layer Protocol
- Web Service
- Multi-Stage Channels
- Remote File Copy
- Data Encoding
- Domain Fronting
- Multi-hop Proxy
- Port Knocking
- Remote Access Tools