valitydev/atomic-threat-coverage
14
0
Fork 0
mirror of https://github.com/valitydev/atomic-threat-coverage.git synced 2024-11-07 09:58:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f79f50bec3
atomic-threat-coverage/Atomic_Threat_Coverage/Triggers/T1065.md
yugoslavskiy f79f50bec3 changed directories names
2019-02-12 04:55:11 +01:00

1.4 KiB
Raw Blame History

T1065 - Uncommonly Used Port

Description from ATT&CK

Adversaries may conduct C2 communications over a non-standard port to bypass proxies and firewalls that have been improperly configured.

Atomic Tests


Atomic Test #1 - Testing usage of uncommonly used port with PowerShell

Testing uncommonly used port utilizing PowerShell

Supported Platforms: Windows

Inputs

Name Description Type Default Value
port Specify uncommon port number String 8081
domain Specify target hostname String google.com

Run it with powershell!

test-netconnection -ComputerName #{domain} -port #{port}


Atomic Test #2 - Testing usage of uncommonly used port

Testing uncommonly used port utilizing telnet.

Supported Platforms: Linux, macOS

Inputs

Name Description Type Default Value
port Specify uncommon port number String 8081
domain Specify target hostname String google.com

Run it with sh!

telnet #{domain} #{port}