Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:00
Hello and welcome to another Application of the MITRE ATT&CK Framework discussion. Today we're looking at data transfer size limits.
00:10
So our objectives for this discussion today are as follows: we're going to be describing data transfer size limits, some mitigation techniques, as well as some detection techniques. So what is data transfer size limits? Well,
00:26
this is when a threat actor will exfiltrate data in fixed-size chunks to limit packet sizes below a certain threshold. This is done to avoid triggering alerts concerning data transfer threshold limits.
00:40
Now a particular tool that is out there that could do this is OopsIE, and this is a Trojan used by the OilRig Advanced Persistent Threat group to remotely execute commands. Now it can do things such as data encoding, data transfer size limits,
00:57
file deletion, obfuscation of files or information.
01:00
And so again,
01:02
this is when, instead of sending everything at once in a single stream, they can break it up into various sizes and have that done over a period of time versus all at once. Mitigation techniques here are going to be really using network intrusion prevention to look for traffic to command and control systems
01:21
and looking for malware type traffic or activity.
01:26
So that's going to be the primary mitigation technique for these types of activities. Detection techniques are going to be circling around monitoring network traffic for consistent fixed-size data packets and other activities, looking for abnormal things. Now, if you've got a packet that's a few bytes
01:42
and it's going out every 10 minutes or so, that may be hard to detect.
01:47
So really again, understanding the way your network communicates on a regular basis, the type of activity that you see from systems, and being able to flag abnormal activity is going to be the key to stopping these types of attacks or finding these types of attack activities.
02:05
So let's do a quick check on learning for this quick discussion today. True or false: a data transfer size limit is the max amount of data you can transfer over the Internet.
02:16
All right, well, if you need additional time, please pause the video. So a data size limit is the max amount of data that you would essentially transfer over a packet or a particular connection in bits and pieces to ensure
02:31
that you avoid flagging certain systems or controls. And so this is a false statement.
02:38
Typically, data caps or size limits are going to be the maximum you can send over, like, email or something of that nature, but typically the Internet itself doesn't have a max data cap that you put on it.
02:52
So in summary of today's discussion, we described data transfer size limits and we looked at a tool called OopsIE.
03:00
Within that we did some mitigation techniques discussion, and we looked at detection techniques as well. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

Up Next

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor