Common Information
Type | Value |
---|---|
Value | Connection Proxy - T1090 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | A connection proxy is used to direct network traffic between systems or act as an intermediary for network communications. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN, ZXProxy, and ZXPortMap. (Citation: Trend Micro APT Attack Tools) The definition of a proxy can also be expanded to encompass trust relationships between networks in peer-to-peer, mesh, or trusted connections between networks consisting of hosts or systems that regularly communicate with each other. The network may be within a single organization or across organizations with trust relationships. Adversaries could use these types of relationships to manage command and control communications, to reduce the number of simultaneous outbound network connections, to provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Detection: Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Network activities disassociated from user-driven actions from processes that normally require user direction are suspicious. Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server or between clients that should not or often do not communicate with one another). Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2) Platforms: Linux, macOS, Windows Data Sources: Process use of network, Process monitoring, Netflow/Enclave netflow, Packet capture Requires Network: Yes Contributors: Walker Johnson |
Type | Published | Attributes | Title |
---|---|---|---|
Website | 2025-01-01 | 11 | Visionaries Have Democratised Remote Network Access – Citrix Virtual Apps and Desktops (CVE Unknown) \| CTF导航 |
Website | 2024-12-30 | 27 | Interlab 인터랩 \| Cyber Threat Report: RambleOn Android Malware |
Website | 2024-12-08 | 2 | Exploring Chrome’s CVE-2020-6418 – Part1 — Haboob |
Website | 2024-11-17 | 1 | CVE Explained: Breaking Down the Windows KDC Proxy Vulnerability (CVE-2024–43639) |
Website | 2024-11-17 | 0 | Which Foreign Country is Cheapest to Travel? Top Budget Destinations! |
Website | 2024-11-16 | 9 | Overpass — TryHackMe CTF Walkthrough |
Website | 2024-11-16 | 90 | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Website | 2024-11-16 | 0 | GZR Observer Daily — Nov 16, 2024 |
Website | 2024-11-16 | 0 | Understanding Foreign Information Manipulation and Interference (FIMI): A Growing Global Threat |
Website | 2024-11-16 | 3 | Web Fr1da — Pentest Tool for Android |
Website | 2024-11-15 | 0 | BlackArch Linux Tools |
Website | 2024-11-15 | 0 | Why Do Websites and Platforms Log IP Addresses? |
Website | 2024-11-15 | 14 | Insecure Deserialization 2 — DotNetNuke Cookie Vulnerability |
Website | 2024-11-15 | 38 | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA |
Website | 2024-11-15 | 3 | TryHackMe \| Firewall Fundamentals \| WriteUp |
Website | 2024-11-15 | 8 | Proving Grounds Practice — Flimsy |
Website | 2024-11-15 | 38 | Dark Web Profile: Cadet Blizzard |
Website | 2024-11-15 | 4 | Black Basta Ransomware Leveraging Social Engineering For Malware Deployment |
Website | 2024-11-15 | 12 | Fortifying Your Applications: An Exhaustive Guide to Defending Against Remote Code Execution (RCE)… |
Website | 2024-11-15 | 8 | Earn $5000 After Learning How to Bypass the Rate Limiting for API Bug Hunting. |
Website | 2024-11-15 | 103 | Microsoft's Security Update in November on High-Risk Vulnerabilities in Multiple Products - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. |
Website | 2024-11-15 | 1 | Top 5 Malware Network Traffic Analysis Tools 2024. |
Website | 2024-11-15 | 1 | Busting Ransomware’s Billion-Dollar Boom with Network Observability and Security \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Website | 2024-11-15 | 5 | The Good, the Bad and the Ugly in Cybersecurity - Week 46 |