Derek Stoeckenius

Attack Detection Fundamentals: C2 and Exfiltration - Lab #1

This article demonstrates detection techniques for PowerShell Empire's Command and Control (C2) traffic. Network indicators such as default URIs, user agents, and server responses are analyzed to identify potentially malicious communication patterns. A Snort rule is developed to detect these specific network traffic characteristics associated with PowerShell Empire.