The MITRE ATT&CK framework defines a set of tactics or objectives that a cyberattacker may need to achieve in the course of their attack campaign. For each of these tactics, many techniques are defined to describe potential methods for accomplishing these goals.

Most types of malware are designed to communicate with their operators, enabling them to receive orders and send data back. Implementing these communications channels is the focus of the command and control tactic of the MITRE ATT&CK framework.

Introduction to encrypted channels

When implementing command and control infrastructure, confidentiality is a primary goal. If a cyber defender can see the communications between malware and its operator, then it is much easier to understand what the malware is doing and to eradicate the infection.

Command and control traffic can be concealed in a variety of different ways. One of the most effective is to use an encrypted channel.

Encrypted channel

Encryption algorithms are designed to protect data confidentiality, and they’re good at it. The encryption algorithms in common use today have undergone extensive testing and attempts by cryptographers to break them. For example, the Advanced Encryption Standard (AES) algorithm was selected by a multi-year conference where cryptographers from
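The flip side of what this section describes is that a well-encrypted channel looks like random bytes to a sensor, and that statistical uniformity is itself something a defender can measure. As an added example (not code from the original article), the Python below computes the Shannon entropy of a payload and labels it, contrasting a constructed plaintext beacon-style HTTP request with a deterministic SHA-256 byte stream standing in for cipher output (a constructed stand-in so the example runs offline without a crypto library; it is not encryption). The function names, the 7.0 bits/byte threshold and the 64-byte minimum are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed sample: a plaintext beacon-style HTTP request, as a network sensor
# would see it if the malware sent it without encryption. Not a real capture.
PLAINTEXT_BEACON = (
    b"POST /update HTTP/1.1\r\n"
    b"Host: example.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 42\r\n\r\n"
    b"id=host01&status=idle&uptime=3600&ver=1.2"
)


def pseudo_ciphertext(length: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic stand-in for a cipher's output (assumption, NOT encryption).

    Output of a sound cipher such as AES is indistinguishable from random bytes;
    chaining SHA-256 yields a reproducible stream with the same statistical
    profile, which is all this detection check cares about.
    """
    out = bytearray()
    block = seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, at most 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify_payload(data: bytes, threshold: float = 7.0, min_len: int = 64) -> str:
    """Label a payload by its entropy profile.

    'too-short' below min_len (entropy estimates on tiny samples are noisy),
    'high-entropy' at or above the threshold, otherwise 'low-entropy'.
    """
    if len(data) < min_len:
        return "too-short"
    return "high-entropy" if shannon_entropy(data) >= threshold else "low-entropy"


if __name__ == "__main__":
    ciphertext = pseudo_ciphertext(4096)
    for label, payload in (("plaintext beacon", PLAINTEXT_BEACON),
                           ("ciphertext stand-in", ciphertext)):
        print(f"{label:20s} len={len(payload):5d} "
              f"entropy={shannon_entropy(payload):.2f} -> {classify_payload(payload)}")
```

Entropy alone is a weak signal: compressed archives, images and legitimate TLS bodies are also near 8 bits/byte. The check earns its keep only when combined with context, for example high-entropy bodies on a protocol or port where plaintext is expected, or a regular beaconing interval to a destination with no business justification.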

