Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
It is common for attackers to establish command-and-control (C&C) channels after the initial device compromise. The presence of a C&C channel on your network indicates that an attacker might be conducting a persistent attack. The ultimate objective of a persistent attack, such as data exfiltration, could have a significant impact on a business or organization.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
Attackers can remotely interact with the command-line interface of a compromised device through a shell program or network utility, which enables the attacker to send commands over a TCP connection. The commands can be encrypted or tunneled through other protocols to help the attacker evade detection. After running commands, the attacker can ultimately control the remote device and then pivot to compromise other devices on the network.
Because IT administrators often remotely manage devices through a shell, investigate to confirm the shell activity is legitimate.
Configure firewalls to block outbound traffic to suspicious external hosts
Remove or prohibit unnecessary network utilities that enable users to easily create shells for most programming languages
Provision devices to communicate over authorized interfaces
