Summary
In this chapter, we've seen a vast number of strategies both on the offensive and defensive side. From the offensive perspective, we've seen many types of anonymity networks and ways to protect the identity and infrastructure of attackers, including in competition networks such as CCDC. We also looked at how attackers can use public dump sites or compromised 3rd party infrastructure to anonymously exfiltrate data too. We also learned several ways that defenders can monitor these sites through active scraping. One of the biggest lessons from this chapter in terms of offensive strategy was program security. The offensive team needs to protect their infrastructure and tools, which means keeping infrastructure offline when it's not being used and being vigilant about when weaponized tools have been exposed. Attackers will want unique IP addresses and hashes for each operation, as any overlap in infrastructure can reveal a connection between multiple campaigns.
...
