After an initial compromise through phishing or remote server compromise, attackers use command and control (C2) channels to remotely run arbitrary commands on the victim's network. Once an attacker establishes a C2 channel, they will look to move laterally or toward their target, but the C2 channel remains their connection into your network. If we can prevent or detect these channels, we have a chance to shut down that connection before the attacker can do damage or exfiltrate data. This talk will explore common and emerging C2 channel techniques and some ways to prevent or detect them. The discussion will offer something for every level of interest and technical knowledge. Throughout the presentation, Paul weaves in high-level business and risk views with tech basics and advanced tech details.
This is a private event for CTMX members. Apply for membership at https://www.ctmx.org/join