Skip to Main Content
Python for Cybersecurity
book

Python for Cybersecurity

by Howard E. Poston, III
March 2022
Intermediate to advanced content levelIntermediate to advanced
240 pages
5h 13m
English
Wiley
Content preview from Python for Cybersecurity

CHAPTER 11Implementing Command and Control

A primary goal of penetration testing engagements is for the tester to gain a foothold on target systems. However, the tester remains outside the network and needs a way to communicate with their malware and other tools inside.

Command-and-control channels provide these remote management capabilities over the network. The MITRE ATT&CK framework's Command and Control tactic has 16 techniques for building and concealing this channel, as shown in Figure 11.1.

Snapshot of MITRE ATT&CK: Command and Control

Figure 11.1: MITRE ATT&CK: Command and Control

If a defender can read command-and-control data, it is much easier to detect and remove an attacker's foothold in a target environment. Two ways to protect against this are rendering command-and-control data unreadable and making it difficult to find. This chapter explores both of these approaches via MITRE ATT&CK's Encrypted Channel and Protocol Tunneling techniques.

The code sample archive for this chapter can be found at https://www.wiley.com/go/pythonforcybersecurity and contains the following sample code files:

  • EncryptedChannelClient.py
  • EncryptedChannelServer.py
  • DetectEncryptedTraffic.py
  • ProtocolTunnelingClient.py
  • ProtocolTunnelingServer.py
  • ProtocolDecoder.py

Encrypted Channel

Encryption is the most effective way to protect sensitive data from eavesdropping. Data encrypted with a strong encryption algorithm is unreadable ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Mastering Python for Networking and Security

Mastering Python for Networking and Security

José Manuel Ortega

Publisher Resources

ISBN: 9781119850649Purchase Link