Skip to content

Latest commit

 

History

History
63 lines (34 loc) · 1.48 KB

T1065.md

File metadata and controls

63 lines (34 loc) · 1.48 KB
Raw

T1065 - Uncommonly Used Port

Description from ATT&CK

Adversaries may conduct C2 communications over a non-standard port to bypass proxies and firewalls that have been improperly configured.

Atomic Tests


Atomic Test #1 - Testing usage of uncommonly used port with PowerShell

Testing uncommonly used port utilizing PowerShell

Supported Platforms: Windows

Inputs:

Name Description Type Default Value
port Specify uncommon port number String 8081
domain Specify target hostname String google.com

Attack Commands: Run with powershell!

test-netconnection -ComputerName #{domain} -port #{port}


Atomic Test #2 - Testing usage of uncommonly used port

Testing uncommonly used port utilizing telnet.

Supported Platforms: Linux, macOS

Inputs:

Name Description Type Default Value
port Specify uncommon port number String 8081
domain Specify target hostname String google.com

Attack Commands: Run with sh!

telnet #{domain} #{port}