Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update T1041.yaml DNS-Based C2 Data Exfiltration #2663

Merged
merged 5 commits into from
Jan 29, 2024
Merged

Update T1041.yaml DNS-Based C2 Data Exfiltration #2663

merged 5 commits into from
Jan 29, 2024

Conversation

prashanthpulisetti
Copy link
Contributor

Atomic Test #2 - DNS-Based C2 Data Exfiltration

Description:
Simulates an adversary using DNS tunneling to exfiltrate data over a Command and Control (C2) channel.

Details:
This atomic test is designed to assess the detection capabilities of security tools and systems in identifying DNS-based data exfiltration techniques. It involves simulating an adversary's actions to exfiltrate data using DNS queries.

Testing:
Testing for this atomic test was conducted in a controlled and isolated environment. It involved the following steps:

  1. Configuration of a controlled DNS server environment for testing.
  2. Simulation of an adversary using DNS tunneling to exfiltrate sensitive data.
  3. Monitoring DNS traffic between the client and the authoritative DNS server.
  4. Analysis of detection and response capabilities of security tools and systems.

Associated Issues:
NA

@prashanthpulisetti
Update T1041.yaml DNS-Based C2 Data Exfiltration
2da3722 
Simulates an adversary using DNS tunneling to exfiltrate data over a Command and Control (C2) channel.
clr2of8
clr2of8 requested changes Jan 20, 2024
View reviewed changes
atomics/T1041/T1041.yaml Outdated Show resolved Hide resolved
atomics/T1041/T1041.yaml Outdated Show resolved Hide resolved
atomics/T1041/T1041.yaml Outdated Show resolved Hide resolved
@prashanthpulisetti
Update T1041.yaml
f673ff2 
updated the changes as requested
clr2of8
clr2of8 approved these changes Jan 29, 2024
View reviewed changes
Copy link
Collaborator

@clr2of8 clr2of8 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks for the updates

@clr2of8 clr2of8 merged commit a5a1cf7 into redcanaryco:master Jan 29, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clr2of8 clr2of8 clr2of8 approved these changes

Assignees

@MHaggis MHaggis

@clr2of8 clr2of8

Labels
windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@prashanthpulisetti @clr2of8 @MHaggis @cyberbuff