Insufficient Egress Filtering: How Weak Outbound Controls Enable Attacks
ID: 33de7d8a-bca8-525a-ab8e-5cee4296c6b9
STIX ID: report--33de7d8a-bca8-525a-ab8e-5cee4296c6b9
Feed Name: Black Hills Infosec Blog
Threat Score
### Executive Summary This guidance document explains risks from insufficient egress filtering, provides testing procedures (outbound TCP/ICMP checks), and details common attacker abuse techniques such as SSH tunnels for C2, covert ICMP/DNS channels, and outbound SMB-based credential theft and relay; it emphasizes restricting outbound ports/protocols and monitoring to reduce attack surface and detection workload.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
