312-50V10 · Question #839
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary I
The correct answer is A. use of command-line interface. Clark creates multiple domains pointing to the same host and rotates between them to avoid detection, a technique classified as use of command-line interface in adversary behavior.
Question
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
Options
- Ause of command-line interface
- BData staging
- CUnspecified proxy activities
- DUse of DNS tunneling
How the community answered
(56 responses)- A84% (47)
- B2% (1)
- C5% (3)
- D9% (5)
Why each option
Clark creates multiple domains pointing to the same host and rotates between them to avoid detection, a technique classified as use of command-line interface in adversary behavior.
In adversary operational tradecraft, use of the command-line interface refers to leveraging CLI-based scripting and automation to configure and manage multiple domain entries that resolve to the same host, enabling rapid domain rotation to evade detection and blacklisting. Attackers script DNS record creation and switching via command-line DNS management tools, making infrastructure appear to change frequently while maintaining control over the same underlying host. This behavior is categorized as CLI-driven infrastructure manipulation to confuse defenders and avoid signature-based blocking.
Data staging refers to the aggregation and temporary storage of stolen data on a compromised system or intermediate server prior to exfiltration, not domain configuration or rotation.
Unspecified proxy activities involve routing attack traffic through proxy servers or intermediaries to obscure the origin IP address, which is distinct from configuring multiple domains to resolve to the same host.
DNS tunneling encodes command-and-control communications or data within DNS query and response packets to bypass network monitoring, which is different from creating multiple pointing domains to evade detection.
Concept tested: Adversary use of multiple domains for detection evasion
Source: https://attack.mitre.org/techniques/T1059/
Topics
Community Discussion
No community discussion yet for this question.