![]() ![]() By leveraging Patch System Image, adversaries can add custom code to the affected network devices that will implement onion routing between those nodes. ![]() ![]() In the case of network infrastructure, particularly routers, it is possible for an adversary to leverage multiple compromised devices to create a multi-hop proxy chain within the Wide-Area Network (WAN) of the enterprise. A particular variant of this behavior is to use onion routing networks, such as the publicly available TOR network. This technique makes identifying the original source of the malicious traffic even more difficult by requiring the defender to trace malicious traffic through several proxies to identify its source. Typically, a defender will be able to identify the last proxy traffic traversed before it enters their network the defender may or may not be able to identify any previous proxies before the last-hop proxy. To disguise the source of malicious traffic, adversaries may chain together multiple proxies. Try it using Invoke-Atomic Proxy: Multi-hop Proxy Description from ATT&CK Atomic Test #5 - Tor Proxy Usage - FreeBSD.Atomic Test #4 - Tor Proxy Usage - MacOS.Atomic Test #3 - Tor Proxy Usage - Debian/Ubuntu.Atomic Test #2 - Tor Proxy Usage - Windows. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |