T1071

Application Layer Protocol

Command and Control

Adversaries may communicate using application layer protocols to avoid detection by blending in with existing traffic.

Real-World Example

APT groups commonly use HTTPS for C2 communications, making traffic analysis difficult as it blends with legitimate web traffic.

Defense Strategies

  • SSL/TLS inspection
  • DNS monitoring
  • Network segmentation
  • Proxy authentication

Detection Methods

  • Analyze traffic patterns
  • Monitor for beaconing behavior
  • Track unusual protocol usage
  • Detect domain fronting
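
One way to monitor for beaconing behavior in proxy logs, as an added example that is not part of the original page: it flags client/destination pairs whose request intervals are nearly constant. The log format, hosts, addresses, and the `min_events` and `max_cv` thresholds are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict

# Constructed proxy log sample: "epoch_seconds client_ip dest_host bytes_out".
# Addresses and host names are made up for this example.
SAMPLE_LOG = """\
1700000000 192.0.2.10 updates.cdn.example 412
1700000058 192.0.2.10 updates.cdn.example 398
1700000121 192.0.2.10 updates.cdn.example 405
1700000180 192.0.2.10 updates.cdn.example 411
1700000243 192.0.2.10 updates.cdn.example 402
1700000300 192.0.2.10 updates.cdn.example 409
1700000361 192.0.2.10 updates.cdn.example 400
1700000005 192.0.2.22 news.example 1830
1700000009 192.0.2.22 news.example 640
1700000014 192.0.2.22 news.example 2210
1700000200 192.0.2.22 news.example 975
1700000204 192.0.2.22 news.example 310
1700000900 192.0.2.22 news.example 1502
"""

def parse(log):
    """Group request timestamps by (client, destination host)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, host, _bytes_out = parts
        flows[(client, host)].append(int(ts))
    return flows

def find_beacons(log, min_events=6, max_cv=0.15):
    """Return flows whose inter-request gaps have a low coefficient of variation."""
    hits = []
    for (client, host), times in parse(log).items():
        if len(times) < min_events:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue  # all requests share one timestamp; no interval to measure
        cv = statistics.pstdev(gaps) / mean  # stdev relative to the period
        if cv <= max_cv:
            hits.append({"client": client, "host": host,
                         "period_s": round(mean), "cv": round(cv, 3)})
    return hits
```

Legitimate pollers such as update checks and telemetry agents also produce regular intervals, so treat hits as leads to triage against an allowlist of known destinations.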

Related Techniques in Command and Control

T1105

Ingress Tool Transfer
