Many organizations still don't block unknown outbound ports. This allows adversaries to leverage them for command and control activities. Even if you are blocking these ports adversaries can use standard ports with different protocols to avoid detection. Learn how to detect and thwart this command and control behavior to secure your environment.
Once an adversary has found their way into your environment, gotten a good look around, and decided it’s worth an extended stay, they will often set up command and control (C2). Although there are numerous ways to accomplish this goal, one of them is to allow these mechanisms to communicate over ports an organization may not be watching or blocking. Even more clever is when these C2 infrastructures communicate over known, encrypted ports such as HTTPS on 443. Although this behavior can be tricky to spot, it is possible with the right approach.
Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by financially motivated threat group FIN7. Prevent adversaries from accomplishing the tactic of Command and Control in your environment today.
Complete this entire course to earn a Non-Standard Port Certificate of Completion