Add SAFE-T1901: Outbound Webhook C2 #102

Open
saurabh-yergattikar wants to merge 1 commit into safe-agentic-framework:main from saurabh-yergattikar:feat/SAFE-T1901-outbound-webhook-c2

saurabh-yergattikar commented Nov 8, 2025

Summary

This PR adds the new Command & Control technique SAFE-T1901 – Outbound Webhook C2, expanding SAFE-MCP coverage of C2 tactics.

Details

  • Describes how adversaries abuse outbound HTTP webhooks as covert command-and-control channels in MCP environments.
  • Mapped to MITRE ATT&CK T1567.004 (Exfiltration Over Webhook).
  • Includes validated references (MITRE, CISA, HackerOne, Invicti).
  • Provides detection guidance (network + host indicators + Sigma rule).
  • Adds practical mitigations (egress allow-listing, proxy filtering, signed webhooks).

Validation

✅ Markdown validated locally
✅ DCO sign-off included
✅ Root README table linked to /techniques/SAFE-T1901/README.md
✅ Follows SAFE-MCP Contributor Guide format

Type of Contribution

  • ✅ New Technique
  • New Mitigation
  • Update to existing content
  • Documentation improvement

Checklist

Related Issues

Closes #[issue-number] (if applicable)

saurabh-yergattikar force-pushed the feat/SAFE-T1901-outbound-webhook-c2 branch from 23324ec to 265c425 on November 15, 2025 19:30
Signed-off-by: hackathons-saurabh <saurabh.ssy@gmail.com>
saurabh-yergattikar force-pushed the feat/SAFE-T1901-outbound-webhook-c2 branch from 265c425 to 1f7176d on November 15, 2025 19:46