Top 5 Ways Attackers Disguise C&C and Exfiltration Traffic
Detecting Malicious Activity at the Network Level
Except for purely destructive payloads, malicious software must initiate outbound communications for command-and-control purposes and— in cases of data theft or exposure extortion—exfiltration.
If your preventive controls fail to stop the initial exploit and if your EDR fails to detect malware, then your next best chance to limit the damage is to detect malware at the network level when the malware phones home.
In this webinar speakers examine how threat actors disguise traffic and explore how you can increase your chances of detecting outbound malicious traffic even when it’s been specifically tailored to your environment so as to blend in.
Join Senior Security Researcher Chad Anderson from DomainTools, and Randy Franklin Smith to learn how to detect stealthy C&C traffic and strategies that leverage attacker’s dependence on Internet IP addresses and domain names.
In this webinar you will learn:
- Evasion methods leveraged by threat actors
- About the Cobalt Strike Beacon to illustrate these methods
- Detection techniques for defenders