Jordan LaRose and Derek Stoeckenius conclude the series with a workshop on C2/C3 and exfiltration. In this workshop:
- Learn about commonly used Command and Control (C2) channels, including HTTP and DNS.
- Make use of open-source tools to detect C2 traffic.
- Explore how threat actors use legitimate services, such as Dropbox, to hide C2 traffic, with demonstrations using F-Secure's C3 framework.
You can find the workshop guides over on the F-Secure Labs website:
Lab guide 1: https://labs.f-secure.com/blog/attack-detection-fundamentals-c2-and-exfiltration-lab-1
Lab guide 2: https://labs.f-secure.com/blog/attack-detection-fundamentals-c2-and-exfiltration-lab-2
Lab guide 3: https://labs.f-secure.com/blog/attack-detection-fundamentals-c2-and-exfiltration-lab-3