logo

Insufficient Egress Filtering: How Weak Outbound Controls Enable Attacks

ID: 33de7d8a-bca8-525a-ab8e-5cee4296c6b9

STIX ID: report--33de7d8a-bca8-525a-ab8e-5cee4296c6b9

Feed Name: Black Hills Infosec Blog

Threat Score
55/100

Date Published: 2026-06-24

Date Updated: 2026-06-24

Author: BHIS

...
...

### Executive Summary This guidance document explains risks from insufficient egress filtering, provides testing procedures (outbound TCP/ICMP checks), and details common attacker abuse techniques such as SSH tunnels for C2, covert ICMP/DNS channels, and outbound SMB-based credential theft and relay; it emphasizes restricting outbound ports/protocols and monitoring to reduce attack surface and detection workload.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.