Spring 5-2021

Honors Thesis

Bachelor of Arts



Sanjay Goel

Damira Pon


Cybersecurity attacks and the software used to perpetrate them are constantly evolving in the face of improved methods for detection and mitigation. An important element of cyber-attacks is the use of Command & Control (C2) infrastructure to send commands to and receive data from targets. A major challenge for C2s is establishing a persistent communication channel from compromised hosts to their server while avoiding detection. This work focuses on the development of a Proof-of-Concept (PoC) for a relatively novel raw-socket-based C2, "JT", and includes a discussion of relevant C2 technologies and trends along with their corresponding techniques. The C2 development was informed by this past work. Development proceeded in two rounds of internal development and testing, each followed by a field-testing phase at a virtual cyber defense competition (held in Fall 2020 and Spring 2021). In both competitions, the C2 was run on Linux and FreeBSD platforms. In the first competition, two out of seven teams detected and removed the agent from their machines. Further development based on these results, together with the implementation of additional defense evasion techniques, resulted in the C2 going undetected in the second competition. This work can be further built upon and refined for the development of more advanced raw-socket-based C2s in the future.

