Date of Award

Spring 5-2021

Document Type

Honors Thesis

Degree Name

Bachelor of Arts

Department

Business

Advisor/Committee Chair

Sanjay Goel

Committee Member

Damira Pon

Abstract

Cybersecurity attacks and software used to perpetrate them are constantly evolving in the face of improved methods for detection and mitigation. An important element of cyber-attacks is use of Command & Control (C2) infrastructure to send commands and receive data from targets. A major issue with C2s is how to establish a persistent communication channel from compromised hosts to their server while avoiding detection. This work focuses on the development of a Proof- of-Concept (PoC) for a relatively novel raw-socket based C2 “JT” and includes a discussion of relevant C2 technologies/trends along with their corresponding techniques. The C2 development was informed by this past work. The development featured 2 sets of internal testing and development each followed by testing phases (at virtual cyber defense competitions held in Fall 2020 and Spring 2021). In both competitions, the C2 was run on Linux and FreeBSD platforms. In the first competition, two out of seven teams detected and removed the agent from their machines. After further development based on these results and implementation of additional defense evasion techniques, resulted in the C2 being undetected in the second competition. This work can be further built upon and refined for development of more advanced raw socket based C2s in the future.

Download

Included in

Business Commons

Share

COinS