Sandworm: Application Layer Protocol and Web Emulation
Command and control is the connective tissue of nearly every intrusion that progresses beyond initial access — without it, an attacker cannot issue commands, move laterally, or exfiltrate...
Command and control (C2) is a crucial part of any cyber attack because it allows adversaries to establish and maintain communications with the systems they have compromised in a target environment. After an attacker successfully breaches a network or system, they need a reliable way to communicate with the malware or tools they have deployed. That communication channel is what C2 provides.
Without effective C2, attackers lose control of their operations. Adversaries depend heavily on this communication channel to persist in compromised environments — in effect, C2 is the lifeline that turns what could be a short-term breach into a long-term presence, enabling continued exploitation of the target over time.
To establish C2, adversaries use a variety of channels. One common technique is the use of legitimate remote access software such as VNC or TeamViewer. These tools provide an alternative communication channel, giving attackers redundant access, and they enable interactive remote desktop sessions that let an attacker directly control the target system.
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
6 sections- 1 Table of Contents
- 2 Module 1: Command-and-Control Fundamentals and Application-Layer Protocol Abuse
- 3 Module 2: Sandworm's Use of Web Protocols for Command and Control
- 4 Module 3: Hands-On Lab — Emulating and Detecting HTTP-Based C2 Traffic
- 5 MITRE ATT&CK Reference Tables
- 6 Summary
More Security Hot Takes & Threat Intel courses
View all 21Hot Takes: Inside a Microsoft Ransomware Attack
The Marks & Spencer incident is a textbook example of how modern ransomware operations succeed by targeting identity infrastructure and virtualization hosts rather than individual endpoin...
IT Security Champion: Cyber Threat Intel and Emerging Threats
Security is everyone's job — not solely the responsibility of the security department. Adopting a security culture and a security mindset is the foundation of being an effective IT securi...
Security Hot Takes: The LastPass Breach
The LastPass breach is actually two distinct but connected security incidents, separated by several months, with confusing and inconsistent public communication from the company throughou...
Security Hot Takes: SBOMs
security · hot · takes · sboms · threat · intel · networking · systems · sbom · bills · materials · concept · debate · mandate · software.
Security Hot Takes: The Aliquippa Water Breach
The Aliquippa Water Authority breach is a case study in how a basic, avoidable systems-integration failure — not a sophisticated exploit — can expose critical infrastructure to compromise...
Security Hot Takes: Are You Pen Testing AI Apps?
AI applications are not "just another web app," and treating them that way leaves organizations blind to an entire class of risk. Historical precedent — such as attackers reverse engineer...
Interested in this course?
Contact us to book it or get a custom training plan for your team.