Mar 18, 2019
Shout-out to Thomas…
Tried to meet up while at SEA Comic-Con
Hacker’s Health - Ms. Roddie is at TROOPERS (Ms. Berlin?)
SpecterOps Training / workshopCon - https://www.workshopcon.com/events
Zach Ruble - @sendrublez
C2 infra using Public WebApps
TARCE - Teaching Assistant RCE(?) - they run your code every week, don’t check for backdoors before running it...
Local HTTPd server (bashfile)
Python scrapes web server
- Malware and client
3 Requirements of a C2
- Victim receives commands
- Send results back
Web server serving a static file
Malware on the machine scrapes the site with Python requests and executes what it finds as commands.
State change = change the text field
Long haul/short haul server
Long haul - regain persistence
Short haul - sends commands to victims
Slack as C2 - Blends into the environment
Send and receive messages
Using Real Time Messaging API
Reddit as a C2
Using Google search results as
Would Google's algorithms see odd behavior of hundreds of hosts searching for the same thing?
Log file analysis?
How can we protect against this?
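For the "Log file analysis?" question above, an added example (not from the episode or the guest's code): a Python check over web proxy logs that flags a host polling one URL at near-constant intervals, the pattern a static-file scraper produces. The hostnames, URLs, log layout and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log (not real data): time, client host, URL, user agent.
SAMPLE_LOG = """\
2019-03-18T09:00:00 ws-14 https://pages.example.org/notes.txt python-requests/2.21.0
2019-03-18T09:01:00 ws-14 https://pages.example.org/notes.txt python-requests/2.21.0
2019-03-18T09:02:01 ws-14 https://pages.example.org/notes.txt python-requests/2.21.0
2019-03-18T09:03:00 ws-14 https://pages.example.org/notes.txt python-requests/2.21.0
2019-03-18T09:04:00 ws-14 https://pages.example.org/notes.txt python-requests/2.21.0
2019-03-18T09:05:01 ws-14 https://pages.example.org/notes.txt python-requests/2.21.0
2019-03-18T09:00:10 ws-22 https://pages.example.org/notes.txt Mozilla/5.0 (Windows NT 10.0)
2019-03-18T09:00:45 ws-22 https://pages.example.org/notes.txt Mozilla/5.0 (Windows NT 10.0)
2019-03-18T09:07:30 ws-22 https://pages.example.org/notes.txt Mozilla/5.0 (Windows NT 10.0)
2019-03-18T09:31:02 ws-22 https://pages.example.org/notes.txt Mozilla/5.0 (Windows NT 10.0)
2019-03-18T10:15:00 ws-22 https://pages.example.org/notes.txt Mozilla/5.0 (Windows NT 10.0)
2019-03-18T09:12:00 ws-30 https://intranet.example.org/ Mozilla/5.0 (Windows NT 10.0)
this line is malformed
"""

def parse(log_text):
    """Yield (time, host, url, agent); skip lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
        except (ValueError, IndexError):
            continue

def find_beacons(log_text, min_hits=5, max_jitter=0.1):
    """Flag (host, url) pairs polled at near-constant intervals."""
    seen = defaultdict(list)
    for when, host, url, agent in parse(log_text):
        seen[(host, url)].append((when, agent))
    findings = []
    for (host, url), hits in sorted(seen.items()):
        if len(hits) < min_hits:
            continue  # too few requests to judge regularity
        times = sorted(t for t, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 1.0  # relative spread of gaps
        if jitter <= max_jitter:
            scripted = any(a.startswith("python-requests") for _, a in hits)
            findings.append((host, url, round(avg), scripted))
    return findings
```

Each finding is (host, URL, average interval in seconds, whether a python-requests user agent was seen); the user agent is only a supporting signal, since a client can set any value there.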
C2 News (if we go short):
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email email@example.com
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
Comments, Questions, Feedback: firstname.lastname@example.org
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec