Command and Control (18 techniques)
Communicating with compromised systems to control them.
The Command and Control tactic groups MITRE ATT&CK techniques used by adversaries tocommunicating with compromised systems to control them. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1001 - Data ObfuscationESXi, Linux, macOS, Windows
- T1008 - Fallback ChannelsESXi, Linux, macOS, Windows
- T1071 - Application Layer ProtocolLinux, macOS, Windows, Network Devices, ESXi
- T1090 - ProxyESXi, Linux, macOS, Network Devices, Windows
- T1092 - Communication Through Removable MediaLinux, macOS, Windows
- T1095 - Non-Application Layer ProtocolESXi, Linux, macOS, Network Devices, Windows
- T1102 - Web ServiceESXi, Linux, macOS, Windows
- T1104 - Multi-Stage ChannelsLinux, macOS, Windows, ESXi
- T1105 - Ingress Tool TransferESXi, Linux, macOS, Network Devices, Windows
- T1132 - Data EncodingESXi, Linux, macOS, Windows
- T1205 - Traffic SignalingLinux, macOS, Network Devices, Windows
- T1219 - Remote Access ToolsLinux, macOS, Windows
- T1568 - Dynamic ResolutionESXi, Linux, macOS, Windows
- T1571 - Non-Standard PortESXi, Linux, macOS, Windows
- T1572 - Protocol TunnelingESXi, Linux, macOS, Windows
- T1573 - Encrypted ChannelESXi, Linux, macOS, Network Devices, Windows
- T1659 - Content InjectionLinux, macOS, Windows
- T1665 - Hide InfrastructureESXi, Linux, macOS, Network Devices, Windows
Detection engineering training, taught by practitioners.
Learn how to build real detections across the MITRE ATT&CK framework.
View Courses