Bypassing Cylance: Part 2 – Using DNSCat2
Summary
This article details methods for establishing command and control (C2) communication from a host protected by Cylance, an endpoint protection product. It focuses on bypassing Cylance's protection by tunnelling the C2 channel over DNS with DNSCat2, a protocol that is almost always permitted to leave the network even where other outbound traffic is filtered.
IFF Assessment
FOE
The article describes a method for bypassing a security product, which defenders relying on that product need to account for.
Defender Context
Defenders using Cylance or similar endpoint protection should not assume the endpoint agent alone will stop C2 that is tunnelled over DNS. The technique leaves patterns in DNS traffic that can be monitored for: long, high-entropy subdomain labels carrying encoded data, a large number of unique names under a single domain, a high proportion of TXT, CNAME or MX queries, and query volume out of proportion to ordinary lookups. Restricting outbound DNS to the organisation's own resolvers and logging the queries those resolvers see provides the visibility needed to detect tools like DNSCat2.
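The detection logic sketched above, as an added example run over a constructed DNS query log. This is not code from the article or from the dnscat2 project; the log format, the indicator thresholds, the rule that the registered domain is the last two labels, and the sample lines are all assumptions made for the demonstration.

```python
"""Heuristic detection of DNS-tunnelled C2 over a DNS query log.

Added example for this page, not code from the article or dnscat2. The log
format, thresholds and sample lines are assumptions for the demonstration.
"""
import math
from collections import defaultdict

# Constructed sample log (not captured traffic). One query per line:
#   <epoch> <client_ip> <qname> <qtype>
# The first six lines are ordinary lookups; the last five mimic the shape of
# tunnelled traffic: long hex-looking labels, every name unique, and record
# types (TXT/CNAME/MX) that carry more payload than an A record.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000002 10.0.0.6 api.example.com A
1700000003 10.0.0.6 api.example.com AAAA
1700000004 10.0.0.7 cdn.example.com A
1700000005 10.0.0.7 www.example.com A
1700000006 10.0.0.9 0123456789abcdef0123456789abcdef.fedcba9876543210fedcba9876543210.tunnel.example.net TXT
1700000007 10.0.0.9 13579bdf02468ace13579bdf02468ace.ace02468bdf13579ace02468bdf13579.tunnel.example.net CNAME
1700000008 10.0.0.9 02468ace13579bdf02468ace13579bdf.bdf13579ace02468bdf13579ace02468.tunnel.example.net MX
1700000009 10.0.0.9 fedcba9876543210fedcba9876543210.0123456789abcdef0123456789abcdef.tunnel.example.net TXT
1700000010 10.0.0.9 ace02468bdf13579ace02468bdf13579.13579bdf02468ace13579bdf02468ace.tunnel.example.net TXT
"""

# Record types whose answers can carry a sizeable payload (assumed list).
PAYLOAD_QTYPES = {"TXT", "CNAME", "MX", "NULL"}

# Thresholds are assumptions; tune them against your own DNS baseline.
MIN_SUBDOMAIN_LEN = 30
MIN_ENTROPY = 3.0
MIN_UNIQUE_RATIO = 0.8
MIN_QUERIES_FOR_UNIQUE_RULE = 5
MIN_PAYLOAD_FRACTION = 0.5
FLAG_SCORE = 2


def shannon_entropy(s: str) -> float:
    """Bits per character; hex or base32 payload sits well above hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain_without_dots, registered_domain).

    Assumes the registered domain is the last two labels; a real deployment
    should use the Public Suffix List instead.
    """
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return "".join(labels[:-2]), ".".join(labels[-2:])


def analyze(log_text: str) -> dict:
    """Aggregate queries per registered domain and score each domain."""
    agg = defaultdict(lambda: {"queries": 0, "names": set(),
                               "len_sum": 0, "ent_sum": 0.0, "payload": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _ts, _client, qname, qtype = parts
        sub, domain = split_name(qname)
        d = agg[domain]
        d["queries"] += 1
        d["names"].add(qname.lower())
        d["len_sum"] += len(sub)
        d["ent_sum"] += shannon_entropy(sub)
        if qtype.upper() in PAYLOAD_QTYPES:
            d["payload"] += 1

    report = {}
    for domain, d in agg.items():
        n = d["queries"]
        mean_len = d["len_sum"] / n
        mean_ent = d["ent_sum"] / n
        unique_ratio = len(d["names"]) / n
        payload_frac = d["payload"] / n
        # Each indicator adds one point; any two together trip the flag.
        score = int(mean_len >= MIN_SUBDOMAIN_LEN) + int(mean_ent >= MIN_ENTROPY)
        score += int(n >= MIN_QUERIES_FOR_UNIQUE_RULE and unique_ratio >= MIN_UNIQUE_RATIO)
        score += int(payload_frac >= MIN_PAYLOAD_FRACTION)
        report[domain] = {
            "queries": n,
            "mean_subdomain_len": round(mean_len, 2),
            "mean_entropy": round(mean_ent, 2),
            "unique_ratio": round(unique_ratio, 2),
            "payload_qtype_fraction": round(payload_frac, 2),
            "score": score,
            "flagged": score >= FLAG_SCORE,
        }
    return report


def suspicious_domains(log_text: str) -> list:
    """Flagged domains, highest score first."""
    report = analyze(log_text)
    return sorted((dom for dom, r in report.items() if r["flagged"]),
                  key=lambda dom: -report[dom]["score"])


if __name__ == "__main__":
    for domain, stats in analyze(SAMPLE_LOG).items():
        print(domain, stats)
    print("suspicious:", suspicious_domains(SAMPLE_LOG))
```

On the constructed log, `example.com` scores zero on every indicator while `tunnel.example.net` trips all four. In production the interesting design choice is the aggregation key: scoring per registered domain rather than per query is what catches tunnelling, because each individual query looks like an ordinary lookup and only the volume, uniqueness and entropy of the whole set give it away. Expect legitimate high-entropy names (CDN hostnames, some anti-spam and telemetry services) to score on one or two indicators, which is why the flag requires more than one.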