CHAPTER 11 Implementing Command and Control
A primary goal of penetration testing engagements is for the tester to gain a foothold on target systems. However, the tester remains outside the network and needs a way to communicate with their malware and other tools inside.
Command-and-control channels provide these remote management capabilities over the network. The MITRE ATT&CK framework's Command and Control tactic has 16 techniques for building and concealing this channel, as shown in Figure 11.1.
Figure 11.1: MITRE ATT&CK: Command and Control
If a defender can read command-and-control data, it is much easier to detect and remove an attacker's foothold in a target environment. Two ways to protect against this are rendering command-and-control data unreadable and making it difficult to find. This chapter explores both of these approaches via MITRE ATT&CK's Encrypted Channel and Protocol Tunneling techniques.
The code sample archive for this chapter can be found at https://www.wiley.com/go/pythonforcybersecurity and contains the following sample code files:
EncryptedChannelClient.py
EncryptedChannelServer.py
DetectEncryptedTraffic.py
ProtocolTunnelingClient.py
ProtocolTunnelingServer.py
ProtocolDecoder.py
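The detection side of the Encrypted Channel technique, as an added example that is not the book's DetectEncryptedTraffic.py: it scores a captured application-layer payload by byte entropy and printable ratio to flag traffic that looks encrypted on a port where plaintext is expected. The thresholds, the minimum length, and the two sample payloads are assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter

MIN_PAYLOAD_LEN = 64          # too few bytes give an unreliable entropy estimate (assumed)
ENTROPY_THRESHOLD = 7.0       # bits per byte; random/encrypted data approaches 8.0 (assumed)
PRINTABLE_THRESHOLD = 0.6     # plaintext protocols are mostly printable ASCII (assumed)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace (tab, LF, CR)."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13)) / len(data)


def classify_payload(data: bytes) -> str:
    """Triage a payload seen on a port where plaintext is expected.

    Returns "insufficient-data", "plaintext" or "likely-encrypted". High entropy plus a
    low printable ratio is the signal; compressed or image data trips it too, so the
    result is a lead for an analyst, not a verdict.
    """
    if len(data) < MIN_PAYLOAD_LEN:
        return "insufficient-data"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD and printable_ratio(data) < PRINTABLE_THRESHOLD:
        return "likely-encrypted"
    return "plaintext"


# Constructed samples (not real captures): a plain HTTP request, and 1024 bytes of
# SHA-256 output standing in for an encrypted message carried over the same port.
SAMPLE_PLAINTEXT = (
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0\r\n"
    b"Accept: text/html,application/xhtml+xml\r\nConnection: keep-alive\r\n\r\n"
)
SAMPLE_HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

if __name__ == "__main__":
    for name, payload in (("plaintext", SAMPLE_PLAINTEXT), ("high-entropy", SAMPLE_HIGH_ENTROPY)):
        print(f"{name:12s} entropy={shannon_entropy(payload):.2f} "
              f"printable={printable_ratio(payload):.2f} -> {classify_payload(payload)}")
```

Applied per flow (for example, to the first kilobyte of each TCP stream on a port such as 80), the same scoring is a cheap first pass before deeper protocol analysis.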
Encrypted Channel
Encryption is the most effective way to protect sensitive data from eavesdropping. Data encrypted with a strong encryption algorithm is unreadable ...