29 January 2023
- 14:43, 29 January 2023 +795 Category:Initial Access No edit summary
- 14:41, 29 January 2023 +180 Category:Resource Development No edit summary
- 14:39, 29 January 2023 +117 Category:Reconnaissance No edit summary
- 14:34, 29 January 2023 +681 Category:Cheat Sheets No edit summary current
28 January 2023
- 13:46, 28 January 2023 −43 Category:Reconnaissance No edit summary Tag: Manual revert
- 13:04, 28 January 2023 +2 RCATs No edit summary
- 13:02, 28 January 2023 0 N Category:Lateral Movement Created blank page Tag: Visual edit
- 13:02, 28 January 2023 0 N Category:Discovery Created blank page Tag: Visual edit
- 13:02, 28 January 2023 0 N Category:Credential Access Created blank page Tag: Visual edit
- 13:01, 28 January 2023 0 N Category:Defense Evasion Created blank page Tag: Visual edit
- 13:01, 28 January 2023 0 N Category:Privilege Escalation Created blank page Tag: Visual edit
- 12:47, 28 January 2023 −22 Test cheat sheet No edit summary current
- 12:47, 28 January 2023 +94 Nmap No edit summary
- 12:29, 28 January 2023 +72 Nmap No edit summary
- 12:27, 28 January 2023 +18 Test cheat sheet No edit summary
- 12:16, 28 January 2023 −5 Nmap No edit summary
- 12:16, 28 January 2023 +31 Test cheat sheet No edit summary Tag: Visual edit: Switched
- 12:05, 28 January 2023 −19 Ping No edit summary current Tag: Manual revert
- 12:04, 28 January 2023 +19 Ping No edit summary Tag: Reverted
26 January 2023
- 18:39, 26 January 2023 +770 N Category:PwnTillDawn Created page with "=Description= PwnTillDawn<ref>https://online.pwntilldawn.com/</ref> Online Battlefield is a penetration testing lab created by wizlynx group where participants can test their offensive security skills in a safe and legal environment, but also having fun! The goal is simple, break into as many machines as possible using a succession of weaknesses and vulnerabilities and collect flags to prove the successful exploitation. Each target machine that can be compromised contain..." current Tag: Visual edit
- 18:24, 26 January 2023 +21 Test cheat sheet No edit summary
- 16:58, 26 January 2023 0 m Category:Command and Control Protected "Category:Command and Control" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
- 16:58, 26 January 2023 0 m Category:Exfiltration Protected "Category:Exfiltration" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
- 16:53, 26 January 2023 −499 Spearphishing Service No edit summary current
- 16:49, 26 January 2023 +23 Category:Phishing for Information No edit summary current
- 16:07, 26 January 2023 +559 N Remote Access Software Created page with "Category:Command and Control An adversary may use legitimate desktop support and remote access software, such as Team Viewer, AnyDesk, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used f..." current
- 16:05, 26 January 2023 +668 N Protocol Tunneling Created page with "Category:Command and Control Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. Tunneling involves explicitly encapsulating a protocol within another. This behavior may conceal malicious traffic by blending in with existing traffic and/or provide an outer layer of encryption (similar to a VPN). Tunneling could also enable routi..." current
- 16:04, 26 January 2023 +347 N Non-Standard Port Created page with "Category:Command and Control Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data." current
- 16:04, 26 January 2023 +526 N Non-Application Layer Protocol Created page with "Category:Command and Control Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirecte..." current
- 16:04, 26 January 2023 +269 N Multi-Stage Channels Created page with "Category:Command and Control Adversaries may create multiple stages for command and control that are employed under different conditions or for certain functions. Use of multiple stages may obfuscate the command and control channel to make detection more difficult." current
- 16:03, 26 January 2023 +457 N Ingress Tool Transfer Created page with "Category:Command and Control Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp. Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer)." current
- 16:03, 26 January 2023 +240 N Fallback Channels Created page with "Category:Command and Control Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible in order to maintain reliable command and control and to avoid data transfer thresholds." current
- 15:57, 26 January 2023 +544 N Communication Through Removable Media Created page with "Category:Command and Control Adversaries can perform command and control between compromised hosts on potentially disconnected networks using removable media to transfer commands from system to system. Both systems would need to be compromised, with the likelihood that an Internet-connected system was compromised first and the second through lateral movement by Replication Through Removable Media. Commands and files would be relayed from the disconnected system to th..." current
- 15:42, 26 January 2023 +381 N Category:Command and Control Created page with "Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses."
- 15:40, 26 January 2023 +266 N Transfer Data to Cloud Account Created page with "Category:Exfiltration Adversaries may exfiltrate data by transferring the data, including backups of cloud environments, to another cloud account they control on the same service to avoid typical file transfers/downloads and network-based exfiltration detection." current
- 15:40, 26 January 2023 +221 N Scheduled Transfer Created page with "Category:Exfiltration Adversaries may schedule data exfiltration to be performed only at certain times of day or at certain intervals. This could be done to blend traffic patterns with normal activity or availability." current
- 15:39, 26 January 2023 +289 N Exfiltration to Cloud Storage Created page with "Category:Exfiltration Over Web Service Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel. Cloud storage services allow for the storage, edit, and retrieval of data from a remote cloud storage server over the Internet." current
- 15:39, 26 January 2023 +339 N Exfiltration to Code Repository Created page with "Category:Exfiltration Over Web Service Adversaries may exfiltrate data to a code repository rather than over their primary command and control channel. Code repositories are often accessible via an API (ex: https://api.github.com). Access to these APIs are often over HTTPS, which gives the adversary an additional level of protection." current
- 15:38, 26 January 2023 +442 N Category:Exfiltration Over Web Service Created page with "Category:Exfiltration Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Popular Web services acting as an exfiltration mechanism may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to compromise. Firewall rules may also already exist to permit traffic to these services." current
- 15:38, 26 January 2023 +370 N Exfiltration over USB Created page with "Category:Exfiltration Over Physical Medium Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems." current
- 15:37, 26 January 2023 +524 N Category:Exfiltration Over Physical Medium Created page with "Category:Exfiltration Adversaries may attempt to exfiltrate data via a physical medium, such as a removable drive. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a physical medium or device introduced by a user. Such media could be an external hard drive, USB drive, cellular phone, MP3 player, or other removable storage and processing device. The physical medium or device could be used as the final exfiltration point..." current
- 15:37, 26 January 2023 +302 N Exfiltration Over Bluetooth Created page with "Category:Exfiltration Over Other Network Medium Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an adversary may opt to exfiltrate data using a Bluetooth communication channel." current
- 15:36, 26 January 2023 +355 N Category:Exfiltration Over Other Network Medium Created page with "Category:Exfiltration Adversaries may attempt to exfiltrate data over a different network medium than the command and control channel. If the command and control network is a wired Internet connection, the exfiltration may occur, for example, over a WiFi connection, modem, cellular data connection, Bluetooth, or another radio frequency (RF) channel." current
- 15:36, 26 January 2023 +242 N Exfiltration Over C2 Channel Created page with "Category:Exfiltration Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications." current
- 15:36, 26 January 2023 +297 N Exfiltration Over Unencrypted Non-C2 Protocol Created page with "Category:Exfiltration Over Alternative Protocol Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server." current
- 15:35, 26 January 2023 +309 N Exfiltration Over Asymmetric Encrypted Non-C2 Protocol Created page with "Category:Exfiltration Over Alternative Protocol Adversaries may steal data by exfiltrating it over an asymmetrically encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server." current
- 15:35, 26 January 2023 +307 N Exfiltration Over Symmetric Encrypted Non-C2 Protocol Created page with "Category:Exfiltration Over Alternative Protocol Adversaries may steal data by exfiltrating it over a symmetrically encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server." current
- 15:34, 26 January 2023 +253 N Category:Exfiltration Over Alternative Protocol Created page with "Category:Exfiltration Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server." current
- 15:34, 26 January 2023 +236 N Data Transfer Size Limits Created page with "Category:Exfiltration An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts." current
- 15:34, 26 January 2023 +397 N Traffic Duplication Created page with "Category:Automated Exfiltration Adversaries may leverage traffic mirroring in order to automate data exfiltration over compromised network infrastructure. Traffic mirroring is a native feature for some network devices and used for network analysis and may be configured to duplicate traffic and forward to one or more destinations for analysis by a network analyzer or other monitoring device." current