12. Command and Control
Command and Control (TA0011)
Command and Control (C2) consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries use these techniques to send commands to compromised systems and receive the results.
Strategy
- Traffic Blending: Use HTTPS on port 443 so the traffic looks like ordinary web browsing.
- Beaconing: Don't keep the connection open. Check in periodically (e.g. every 10 minutes) with jitter added to the interval.
- Hiding: Use Domain Fronting or reputable cloud services.
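Seen from the defender's side, the three points above are also the signals a detection engineer looks for: a beacon that checks in on a timer with small jitter produces request gaps whose standard deviation is small relative to their mean, whereas a human browsing the same host produces bursts and long idle periods. The script below is an added example (not from this page or any tool it describes) that runs that check over constructed proxy log lines; the log format, hostnames, addresses and thresholds are assumptions for the illustration.

```python
"""Beacon-like timing detection over web proxy logs (added example, not from the original page)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines (assumed format):
#   "<ISO timestamp> <src ip> <dest host> <dest port> <method> <bytes>"
# One flow checks in roughly every 10 minutes with a little jitter; the other is
# bursty, human-like browsing to a normal site. Hosts and addresses are made up.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 cdn-updates.example 443 GET 512
2024-01-01T10:10:20 10.0.0.5 cdn-updates.example 443 GET 512
2024-01-01T10:19:45 10.0.0.5 cdn-updates.example 443 GET 520
2024-01-01T10:30:10 10.0.0.5 cdn-updates.example 443 GET 512
2024-01-01T10:39:50 10.0.0.5 cdn-updates.example 443 GET 512
2024-01-01T10:50:05 10.0.0.5 cdn-updates.example 443 GET 512
2024-01-01T10:02:13 10.0.0.5 www.example.org 443 GET 20480
2024-01-01T10:02:15 10.0.0.5 www.example.org 443 GET 3311
2024-01-01T10:31:02 10.0.0.5 www.example.org 443 GET 14000
2024-01-01T10:31:03 10.0.0.5 www.example.org 443 POST 100
2024-01-01T10:47:30 10.0.0.5 www.example.org 443 GET 9001
2024-01-01T10:47:31 10.0.0.5 www.example.org 443 GET 2200
"""


def parse_log(text):
    """Parse whitespace-separated proxy log lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, dst, port, method, size = parts
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "dst": dst,
            "port": int(port),
            "method": method,
            "bytes": int(size),
        })
    return records


def interval_stats(records):
    """Per (src, dst) flow: hit count, mean gap between requests, coefficient of
    variation (stddev / mean) of those gaps, and mean request size."""
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r["src"], r["dst"])].append(r)

    stats = {}
    for flow, hits in by_flow.items():
        hits.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(hits, hits[1:])]
        if len(gaps) < 2:
            continue  # not enough samples to say anything about regularity
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        stats[flow] = {
            "count": len(hits),
            "mean_gap": avg,
            "cv": cv,
            "mean_bytes": mean([r["bytes"] for r in hits]),
        }
    return stats


def beacon_candidates(records, min_hits=5, max_cv=0.15):
    """Flag flows whose request timing is too regular for human browsing.

    A timed check-in with small jitter keeps cv low; human-driven traffic to the
    same host shows bursts and long idle gaps, so its cv is high. Thresholds are
    assumed starting points, not tuned values."""
    return {
        flow: s
        for flow, s in interval_stats(records).items()
        if s["count"] >= min_hits and s["cv"] <= max_cv
    }


if __name__ == "__main__":
    for (src, dst), s in beacon_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {s['count']} hits, mean gap {s['mean_gap']:.0f}s, cv {s['cv']:.3f}")
```

On the constructed input only the `cdn-updates.example` flow is flagged (mean gap about 601 s, cv about 0.04). Timing regularity alone is a weak signal: a check-in with large jitter, or one that sleeps for hours, will not stand out, so in practice this is combined with request-size consistency, destination rarity across the estate, and certificate or domain-age context before an analyst is paged.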
Section Contents
- Encrypted Channel: Using encrypted channels (HTTPS, DNS over HTTPS) to hide C2 traffic.
- Ingress Tool Transfer: Downloading tools from an external C2 server to the victim.
- Web Service: Using legitimate web services (social media, cloud storage) for C2 communication.