Application Layer Protocol: Web Protocols

In this course, students learn how attackers establish and use C2 connections, shown through a real-world demonstration that gives learners a sense of how to detect malicious HTTP traffic. This is the last course in the Raspberry Robin Attack series.

Time: 1 hour 35 minutes
Difficulty: Intermediate
CEU/CPE: 2

Course Content
Campaign Overview (15m)
2.1 Attack, Detect and Mitigate (20m)
2.2 Raspberry Robin Lab (1h)

Course Description

This course covers the technique T1071.001: Application Layer Protocol: Web Protocols. Last but not least in the series, T1071.001 is the MITRE TTP for establishing a C2 connection over a web protocol. In this course, we look at what this activity looks like within your logging and provide some tips for ongoing efforts to review and tune this activity to ensure higher fidelity in the future.

This is the last stage of the Raspberry Robin attack. From here, the attacker could pivot to another host, exfiltrate any data they find valuable, or even use the compromised host as a part of a botnet if desired.

Learn how to detect and mitigate these techniques to protect your organization from this type of attack. Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to tactics and techniques used by threat actors.

Instructed By
Matthew Mullins, Technical Manager, Red Team (Instructor)
Owen Dubiel, Security Engineer (Instructor)

Provider: Cybrary
Certificate of Completion

Complete this entire course to earn an Application Layer Protocol: Web Protocols Certificate of Completion.