Application Layer Protocol: Web Protocols
In this course, students will learn how C2 connections are established and used by attackers in a real-world demonstration to give learners a sense of how to detect malicious HTTP traffic. This is the last course in the Raspberry Robin Attack series.
Already have an account? Sign In »
Module 1: Introduction
Module 2: What is Technique T1071.001?
This course will cover the technique:
T1071.001: Application Layer Protocol: Web Protocols. Last but not least, we have the T1071.001, which is the MITRE TTP for establishing a C2 connection over a web protocol. In this course, we take a look at what this activity looks like within your logging, as well as provide some tips for ongoing efforts to review and tune this activity to ensure higher fidelity in the future.
This is the last stage of the Raspberry Robin attack. From here, the attacker could pivot to another host, exfiltrate any data they find valuable, or even use the compromised host as a part of a botnet if desired.
Learn how to detect and mitigate these techniques to protect your organization from this type of attack. Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to tactics and techniques used by threat actors.
Technical Manager, Red Team
Complete this entire course to earn a Application Layer Protocol: Web Protocols Certificate of Completion