Semester of Graduation
Fall
Degree
Master of Science (MS)
Department
Computer Science and Engineering
Document Type
Thesis
Abstract
The client-server model forms a core part of any existing network infrastructure. The interdependence between multiple client-server information systems means more vulnerabilities are open to exploitation. Once attackers gain control of an existing server, they can explore the vulnerabilities of a server system. To support a more effective defense against this type of persistent attack, this thesis aims to provide core information for understanding how post-exploitation of client-server systems works, along with an example attack scenario showing a compromised system's behavior.
In this thesis, we identify several mechanisms used to control the attack flow and evade detection in the post-exploitation phase. Then, we enumerate recent malware that uses command and control (C2) mechanisms to conduct its attacks. Using lessons from malware like LummaC2 and the SolarWinds attack, we construct an attack scenario on a server system hosting a game service. Then, we investigate the details of the underlying service necessary to showcase the effect of the attack's payload. After the scenario's conclusion, we show some ways to analyze the behavior of the attacker's C2 framework.
Date
10-30-2024
Recommended Citation
Hummel, Connor, "Command and Control Mechanisms for Post-Exploitation" (2024). LSU Master's Theses. 6043.
https://repository.lsu.edu/gradschool_theses/6043
Committee Chair
Gerald Baumgartner