Deceptive C2 Protocols

Goal: Disrupt attacker communications by manipulating C2 protocols or introducing unexpected behavior.

Approach: Modifying C2 protocols or introducing anomalies to confuse attackers.

Modify existing C2 protocols or introduce subtle anomalies in communication patterns to confuse attackers, disrupt their tools, or trigger alerts. This can involve changing data formats, introducing delays, or injecting unexpected commands.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0014 Software Manipulation, EAC0015 Information Manipulation

Technical Context:

This element requires the ability to intercept and modify network traffic. This can be achieved through network security tools, proxy servers, or even by manipulating malware on infected systems. This aligns with the MITRE ATT&CK technique T1573.001 (Encrypted Channel: Symmetric Cryptography).
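The three disruptions the approach lists (changing the data format, introducing delays, injecting an unexpected command), applied to one intercepted C2 response at a proxy such as the Technical Context describes. This is an added example, not code from the original page; the JSON tasking format, the field names and the sample message are constructed assumptions, since each malware family uses its own protocol.

```python
import hashlib
import json
import random
from dataclasses import dataclass, field

# Constructed sample of an intercepted C2 tasking response (the JSON
# layout is an assumption; real families use their own formats).
SAMPLE_RESPONSE = b'{"id": 17, "cmd": "exec", "args": "whoami", "sleep": 5}'


@dataclass
class DeceptionResult:
    body: bytes          # response actually forwarded to the implant
    delay_s: float       # artificial delay added before forwarding
    alert: dict = field(default_factory=dict)  # record for the SOC timeline


def deceive_c2_response(raw: bytes, seed: int = 0) -> DeceptionResult:
    """Apply the three disruptions the page names to one intercepted
    response: change the data format, introduce a delay, and replace the
    attacker's tasking with an unexpected (harmless) command."""
    rng = random.Random(seed)  # seeded so the behaviour is reproducible
    digest = hashlib.sha256(raw).hexdigest()  # preserved for the IR record
    try:
        task = json.loads(raw)
    except ValueError:
        # Unknown format: forward untouched, but still delay and log it.
        return DeceptionResult(raw, 2.0 + rng.random() * 3.0,
                               {"event": "c2_unparsed", "sha256": digest})
    alert = {"event": "c2_tasking_rewritten", "sha256": digest,
             "original_cmd": task.get("cmd"),
             "original_args": task.get("args")}
    # 1. Inject an unexpected command: swap the real task for a no-op.
    task["cmd"] = "sleep"
    task["args"] = ""
    # 2. Change the data format: the id becomes a string and an unknown
    #    field appears; a strict implant parser will choke or misbehave.
    task["id"] = str(task.get("id", ""))
    task["x-nonce"] = rng.randrange(1 << 32)
    body = json.dumps(task, separators=(",", ":")).encode()
    # 3. Introduce 2-5 s of jitter before the response is forwarded,
    #    breaking the implant's expected beacon timing.
    delay = 2.0 + rng.random() * 3.0
    return DeceptionResult(body, delay, alert)
```

The alert record keeps the original command and a hash of the untouched response so the attacker's intended tasking is still available to incident responders after the rewrite.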

Other:

Combine this with deceptive network traffic analysis to make the anomalies appear more subtle and difficult to detect.
