@@ -0,0 +1,50 @@
|
||||
---
|
||||
attack_technique: T1065
|
||||
display_name: Adversaries may conduct C2 communications over a non-standard port to bypass proxies and firewalls.
|
||||
|
||||
atomic_tests:
|
||||
- name: Testing usage of uncommonly used port with PowerShell
|
||||
description: |
|
||||
Testing uncommonly used port utilizing PowerShell
|
||||
|
||||
supported_platforms:
|
||||
- windows
|
||||
|
||||
input_arguments:
|
||||
port:
|
||||
description: Specify uncommon port number
|
||||
type: String
|
||||
default: 8081
|
||||
hostname:
|
||||
description: Specify target hostname
|
||||
type: String
|
||||
default: google.com
|
||||
|
||||
executor:
|
||||
name: powershell
|
||||
command: |
|
||||
test-netconnection -ComputerName #{hostname} -port #{port}
|
||||
|
||||
- name: Testing usage of uncommonly used port
|
||||
description: |
|
||||
Testing uncommonly used port utilizing telnet.
|
||||
|
||||
supported_platforms:
|
||||
- linux
|
||||
- macos
|
||||
|
||||
input_arguments:
|
||||
port:
|
||||
description: Specify uncommon port number
|
||||
type: String
|
||||
default: 8081
|
||||
hostname:
|
||||
description: Specify target hostname
|
||||
type: String
|
||||
default: google.com
|
||||
|
||||
executor:
|
||||
name: sh
|
||||
command: |
|
||||
telnet #{hostname} #{port}
|
||||
|
||||
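Review bot: The second test's `telnet #{hostname} #{port}` is interactive and puts no bound on how long it waits, so an unattended run can sit at the connect timeout or in an open session, and nothing checks that a telnet client is installed (recent macOS releases and many minimal Linux images ship without one). I would state the requirement in the description, e.g. `Testing uncommonly used port utilizing telnet. Requires a telnet client; the command blocks until the connection closes or times out.`, and consider a bounded one-shot probe such as `nc -z -w 5 #{hostname} #{port}` if netcat is acceptable on the supported platforms. Both tests default `hostname` to `google.com`, which sends the probe to a third party; a comment telling the operator to point it at a listener they control would also make the resulting telemetry easier to attribute during detection validation. `display_name` holds a sentence rather than the technique name (`Uncommonly Used Port` for T1065), which is presumably what generated indexes would display.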