During a penetration test, a specialized infiltration tool is installed on several machines to maintain continuous remote access. The testers notice that traffic patterns are triggering alerts on monitoring systems. Which technique helps reduce detection from perimeter scanning solutions?
Masking flows using domain fronting to blend with trusted outbound traffic
Sending large bursts of data continuously to the same remote addresses
Disabling logs on the compromised devices for event capture avoidance
Setting up an unencrypted channel on a nonstandard port for reduced visibility
Masking network flows with domain fronting sends traffic through widely trusted services, blending it with legitimate user data. This creates a more subtle channel that security solutions may treat as normal communications. In contrast, relying on an unencrypted channel on a nonstandard port can appear suspicious, sending data in large, continuous bursts to the same addresses draws attention, and disabling logs does not affect how network-based products flag strange traffic.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is domain fronting?
Open an interactive chat with Bash
Why is masking traffic with trusted domains effective?
Open an interactive chat with Bash
How do perimeter scanning solutions detect suspicious traffic?