Mar 18, 2019
Shout-out to Thomas…
Tried to meetup while at SEA comic-con
Patreon
Log-MD
Hacker’s Health - Ms. Roddie is at TROOPERS (Ms. Berlin?)
4 podcasts?
SpecterOps Training / workshopCon - https://www.workshopcon.com/events
Zach Ruble- @sendrublez
C2 infra using Public WebApps
TARCE - Teaching Assistant RCE(?) - they run your code every week, don’t check for backdoors before running it...
C2 Basics
Local HTTPd server (bashfile)
Python scrapes web server
3 components
-Servers
-Communication channels
-Malware and client
-
3 Requirements of a C2
-victim receives commands
-Vic executes
-Send results back
Web server serving a static file
Malware on machine scraping site with python requests and executing it as commands.
Crontab @reboot
State change = change the text field
Long haul/short haul server
Long haul - regain persistence
Short haul - sends commands to victims
Slack as C2 - Blends in to the Env
Send and receive messages
Using Real Time Messaging API
https://3xpl01tc0d3r.blogspot.com/2018/06/how-to-use-slack-as-c2-sever.html
https://link.springer.com/chapter/10.1007/978-3-319-27137-8_24
https://glitch.com/
Https://github.com/bkup/SlackShell
Reddit as a C2
“Reddit Rising”
Glitch.com
Serverless platform
Using Google search results as
Would Google Algos see odd behavior of hundreds of hosts searching for the same thing?
Log file analysis?
How can we protect against this?
C2 News (If we go short) :
https://www.zdnet.com/article/outlaws-shellbot-infects-servers-for-monero-mining
Automating OSINT
https://twitter.com/jms_dot_py
http://www.automatingosint.com/blog/
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#Brakesec Store!:https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec