As the most common outbound traffic is likely web traffic, lets emulate this. Even if neither of the above is blocked, anomalous outbound SSH traffic on any port is suspicious and may trigger alerts and/or attract unwanted attention from a threat hunter or analystĪs an attacker we always want to make any inbound/outbound traffic look as normal as possible to ensure the operational security of our campaign.Outbound SSH traffic over a non-standard port (22) may be blocked.Outbound SSH over port 22 may be blocked.But this requires an established external connection, where there are a few issues to consider: In campaigns I have performed, I have had scenarios where we needed to control a device remotely (such as a raspberry pi) where direct terminal access would be ideal (such as SSH). For example, maybe only web traffic over ports 80 (HTTP) and 443 (HTTPS) are allowed outbound from a given workstation. In certain environments, controls such as firewalls are in place that restrict outbound ports and protocols. SSL/TLS Tunneling to Bypass Filters & Avoid Detection
0 kommentar(er)
