Much of the time and attention dedicated to modern network security focuses on detecting the contemporary vulnerabilities and exploits which power the breaches that make the headlines. With almost all of the emphasis is placed around the endless cycle of new entry points, we are often overlooking what is perhaps one of the most profoundly interesting aspects of modern network breaches; the post-exploit communication of a compromised system to the attacker—known as command and control.
Once malware has compromised an end system, the tables are turned against the attackers; we go from being on defense, to being on offense. Attackers are constantly evolving their techniques and have become incredibly creative in attempting to hide their tracks, maintain control of compromised systems, and exfiltrate sensitive data. This presentation will explore how command and control channels have evolved against traditional defenses, where they are today, future predictions on their evolution, and most importantly, how you can go on the offense to protect your organization by identifying and disrupting command and control channels in your network.