8 hours 28 minutes

Video Transcription

Hello and welcome to another Application of the MITRE ATT&CK Framework discussion. Today we're looking at our case study for command and control. So what if I told you there was such a thing as zombies? And they are real, but they're not actual flesh-eating beings. They are things such as botnets. So when we talk about a zombie, that is an infected or impacted system that essentially is at the beck and call of a command and control server. And so these could be used for things like sending spam, infecting other machines, conducting denial of service attacks.

They could be made up of private computers. And so your home computer could be a zombie and you don't know it. Infection methods are usually delivered with email attachments or compromised software that you use, so nothing in this world is free. Keep that in mind.

So what are the points that we should consider when it comes to zombies and command and control activity? Well, how would you know if your system is acting as a zombie? What do we really have? What capabilities do we have, as home users, you know, with our systems at home? How do we detect whether or not we've got malicious traffic leaving the network? How do we know what our system is doing behind our back? If we don't, then there may be some things we need to work on. And what methods do you currently use to detect that activity? Again, there's a number of things that end users at home can use, but we do want to focus on the business aspect as well.

And so how would you know? And have you had any of your IPs blacklisted recently? So if you don't do any type of malicious sending or spamming, you're not a marketing firm sending out a bunch of messages, and you get flagged as spamming, if that's not your MO, then why would something like that have happened? Right? So you have to consider there may be an entity using your likeness or your organization to do evil. And so you need to take the time, effort and energy to look at things like outgoing traffic patterns. Are you making connections to foreign IPs in countries that you normally don't do business with, or connecting to sites that you know you're not connecting to?

And so doing this type of investigation can help you to track down potential systems that could be impacted by the command and control software or other threat actor type activities that may be taking place on your network. So with that, I want to thank you for your time today, and I look forward to seeing you again soon.
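The two checks the instructor describes, outbound connections to countries you don't do business with and outgoing traffic patterns that don't look like normal use, can be run over flow logs with very little code. The following is an added example written for this page, not code from the course or the instructor. The log format, field names, sample records, the GeoIP country tag on each record and the `EXPECTED_COUNTRIES` set are all constructed for the demonstration; it goes slightly beyond the transcript by treating evenly spaced check-ins to one destination (beaconing) as the concrete "traffic pattern" to flag.

```python
"""Hunt for command-and-control indicators in outbound flow logs.

Added example, not code from the course. The log format, the field names,
the sample records and the GeoIP country tag are all constructed for the
demo; a real deployment would read from a flow collector and enrich the
destination with a GeoIP database.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one outbound flow per line,
# "<ISO timestamp> <src_ip> <dst_ip>:<dst_port> <bytes> <dst_country>"
# 10.0.0.15 checks in with 203.0.113.9 every five minutes; the others are
# ordinary-looking traffic to expected countries.
SAMPLE_LOG = """\
2024-03-04T09:00:00 10.0.0.15 203.0.113.9:443 612 XX
2024-03-04T09:00:01 10.0.0.22 198.51.100.4:443 88120 US
2024-03-04T09:05:00 10.0.0.15 203.0.113.9:443 598 XX
2024-03-04T09:06:30 10.0.0.22 198.51.100.20:443 4410 DE
2024-03-04T09:10:00 10.0.0.15 203.0.113.9:443 620 XX
2024-03-04T09:15:00 10.0.0.15 203.0.113.9:443 605 XX
2024-03-04T09:20:00 10.0.0.15 203.0.113.9:443 611 XX
2024-03-04T09:22:00 10.0.0.31 198.51.100.4:443 15020 US
2024-03-04T09:25:00 10.0.0.15 203.0.113.9:443 599 XX
"""

# Countries the (hypothetical) business normally exchanges traffic with.
EXPECTED_COUNTRIES = {"US", "DE"}


def parse_flows(text):
    """Parse the constructed flow format into a list of dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes, country = line.split()
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src, "dst": dst_ip, "port": int(dst_port),
            "bytes": int(nbytes), "country": country,
        })
    return flows


def unexpected_destinations(flows, expected=EXPECTED_COUNTRIES):
    """Return sorted (src, dst, country) tuples for flows to unusual countries."""
    seen = set()
    for f in flows:
        if f["country"] not in expected:
            seen.add((f["src"], f["dst"], f["country"]))
    return sorted(seen)


def beacon_candidates(flows, min_count=5, max_rel_jitter=0.1):
    """Find (src, dst) pairs that connect at near-constant intervals.

    A compromised host checking in with its controller often does so on a
    timer; legitimate browsing rarely produces evenly spaced connections.
    The relative jitter (std dev / mean gap) is the tunable threshold.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f["ts"])
    results = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_rel_jitter:
            results.append({"src": src, "dst": dst,
                            "count": len(stamps), "interval_s": round(avg)})
    return results


def hunt(text=SAMPLE_LOG):
    """Run both checks and return the findings for review."""
    flows = parse_flows(text)
    return {
        "unexpected_countries": unexpected_destinations(flows),
        "beacons": beacon_candidates(flows),
    }


if __name__ == "__main__":
    for kind, findings in hunt().items():
        print(kind)
        for item in findings:
            print("  ", item)
```

On the sample data both checks point at the same internal host, 10.0.0.15, which is exactly the kind of lead the instructor describes: a system worth pulling for closer investigation rather than proof of compromise on its own. Either check alone produces false positives (a new vendor abroad, a legitimate updater on a timer), so in practice the output feeds an analyst queue rather than an automatic block.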

Up Next

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica