Exfiltration Over Alternative Protocol and Clear CLI History
Financially motivated adversaries will often steal valuable data and exfiltrate it over an alternate protocol like FTP, SMTP or, HTTP/S. They could also encrypt or obfuscate these alternate channels to protect their nefarious activities. Learn to exfiltrate the attackers by detecting and mitigating these techniques.
2.1What is Exfiltration over Alternative Protocol?
2.2What is Clear Command Line History?
2.3Detection, Validation, and Mitigation (Lab)
Organizations that don't have proper data loss prevention or network intrusion detection/prevention mechanisms in place could fall victim to attackers who use the Exfiltration over Alternative Protocol technique. Threat actors have been known to use this method to exfiltrate data to a URL, via UDP, or even over an email account, for example. There are numerous ways threat actors can use alternative protocols for nefarious means to steal data and put it where they can get to it later.
You will be in a better position to protect your organization from attackers who might want to steal valuable data once you learn how to detect and mitigate this activity.
Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the financially motivated threat group Prophet Spider. Prevent adversaries from accomplishing the tactic of Exfiltration in your environment today.
Complete this entire course to earn a Exfiltration Over Alternative Protocol and Clear CLI History Certificate of Completion