Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088(Citation: Symantec Elfin Mar 2019) or port 587(Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Testing uncommonly used port utilizing PowerShell. APT33 has been known to attempt telnet over port 8081. Upon execution, details about the successful port check will be displayed.
Supported Platforms: Windows
| Name | Description | Type | Default Value |
|---|---|---|---|
| port | Specify uncommon port number | String | 8081 |
| domain | Specify target hostname | String | google.com |
Test-NetConnection -ComputerName #{domain} -port #{port}Testing uncommonly used port utilizing telnet.
Supported Platforms: Linux, macOS
| Name | Description | Type | Default Value |
|---|---|---|---|
| port | Specify uncommon port number | String | 8081 |
| domain | Specify target hostname | String | google.com |
telnet #{domain} #{port}