2019-010: Zach Ruble - Building a Better, Cheaper C2 Infra
Published March 18, 2019
72 min

    Shout-out to Thomas…

        Tried to meetup while at SEA comic-con

    Patreon

    Log-MD

    Hacker’s Health - Ms. Roddie is at TROOPERS (Ms. Berlin?)

    4 podcasts?

    SpecterOps Training / workshopCon  - https://www.workshopcon.com/events

    Zach Ruble- @sendrublez

    C2 infra using Public WebApps

    TARCE - Teaching Assistant RCE(?) - they run your code every week, don’t check for backdoors before running it...

    C2 Basics

        Local HTTPd server (bashfile)

        Python scrapes web server

    3 components

    - Servers

    - Communication channels

    - Malware and client

    3 Requirements of a C2

    - Victim receives commands

    - Victim executes them

    - Victim sends results back

    Web server serving a static file

    Malware on the machine scrapes the site with Python requests and executes the fetched content as commands.

    Crontab @reboot


    State change = change the text field

    https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-britney-spears-instagram-posts-to-control-malware/

    https://uwbacm.com/


    Long haul/short haul server

    Long haul - regain persistence

    Short haul - sends commands to victims


    Slack as C2 - blends into the environment

        Send and receive messages

        Using Real Time Messaging API

    https://3xpl01tc0d3r.blogspot.com/2018/06/how-to-use-slack-as-c2-sever.html

    https://link.springer.com/chapter/10.1007/978-3-319-27137-8_24

    https://glitch.com/

    https://github.com/bkup/SlackShell


    Reddit as a C2

        “Reddit Rising”


    Glitch.com

        Serverless platform


    Using Google search results as

        Would Google Algos see odd behavior of hundreds of hosts searching for the same thing?

    Log file analysis?

        How can we protect against this?
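    One answer to the "log file analysis" question is a beaconing check on proxy logs. The Python below is an added example, not code from the episode or its guest: it parses constructed proxy log lines in an assumed "<timestamp> <client> <method> <url>" layout and flags any URL that several hosts fetch on a near-constant timer, which is what a static-file C2 polled from cron looks like from the proxy's side. Thresholds (`min_hosts`, `min_fetches`, `max_cv`) are assumed starting points to tune per environment.

```python
"""Beaconing detector over constructed web-proxy log lines.

Flags a URL when several distinct hosts fetch it repeatedly at near-constant
intervals, the polling pattern a static-file C2 produces. The log lines and
field layout below are constructed for this example, not taken from a real
proxy product.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<ISO timestamp> <client> <method> <url>"
# Three hosts poll cmd.txt every 60 s; one host browses news.html at random.
SAMPLE_LOG = """\
2019-03-18T09:00:00 10.0.0.11 GET https://example-static.test/cmd.txt
2019-03-18T09:00:02 10.0.0.12 GET https://example-static.test/cmd.txt
2019-03-18T09:00:05 10.0.0.13 GET https://example-static.test/cmd.txt
2019-03-18T09:00:11 10.0.0.11 GET https://intranet.test/news.html
2019-03-18T09:01:00 10.0.0.11 GET https://example-static.test/cmd.txt
2019-03-18T09:01:02 10.0.0.12 GET https://example-static.test/cmd.txt
2019-03-18T09:01:05 10.0.0.13 GET https://example-static.test/cmd.txt
2019-03-18T09:02:00 10.0.0.11 GET https://example-static.test/cmd.txt
2019-03-18T09:02:02 10.0.0.12 GET https://example-static.test/cmd.txt
2019-03-18T09:02:05 10.0.0.13 GET https://example-static.test/cmd.txt
2019-03-18T09:02:40 10.0.0.12 GET https://intranet.test/news.html
2019-03-18T09:03:00 10.0.0.11 GET https://example-static.test/cmd.txt
2019-03-18T09:03:02 10.0.0.12 GET https://example-static.test/cmd.txt
2019-03-18T09:03:05 10.0.0.13 GET https://example-static.test/cmd.txt
2019-03-18T09:07:15 10.0.0.11 GET https://intranet.test/news.html
2019-03-18T09:09:48 10.0.0.11 GET https://intranet.test/news.html
"""


def parse_log(text):
    """Yield (timestamp, client, url) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the whole run
        yield datetime.fromisoformat(parts[0]), parts[1], parts[3]


def interval_regularity(timestamps):
    """Return (mean gap in seconds, coefficient of variation) for the gaps
    between consecutive fetches. A low CV means the gaps are nearly
    identical, i.e. timer-driven polling rather than human browsing."""
    stamps = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    if len(gaps) < 2:
        return None, None
    avg = mean(gaps)
    return avg, (pstdev(gaps) / avg if avg > 0 else 0.0)


def find_beacons(text, min_hosts=3, min_fetches=4, max_cv=0.2):
    """Return {url: {"hosts": [...], "period_s": [...]}} for every URL that
    at least min_hosts clients each fetched min_fetches+ times on a steady
    timer (CV of inter-fetch gaps <= max_cv)."""
    by_url = defaultdict(lambda: defaultdict(list))
    for ts, client, url in parse_log(text):
        by_url[url][client].append(ts)

    hits = {}
    for url, hosts in by_url.items():
        regular = {}
        for client, stamps in hosts.items():
            if len(stamps) < min_fetches:
                continue
            avg, cv = interval_regularity(stamps)
            if cv is not None and cv <= max_cv:
                regular[client] = round(avg, 1)
        if len(regular) >= min_hosts:
            hits[url] = {
                "hosts": sorted(regular),
                "period_s": sorted(set(regular.values())),
            }
    return hits


if __name__ == "__main__":
    for url, info in find_beacons(SAMPLE_LOG).items():
        print(f"{url}: {len(info['hosts'])} hosts polling every ~{info['period_s']} s")
```

    Run against real proxy or DNS logs the same grouping works; the useful knobs are the interval tolerance (`max_cv`) for jittered beacons and a per-host fetch floor high enough to ignore a single curious user.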

    C2 News (if we go short):

    https://www.zdnet.com/article/outlaws-shellbot-infects-servers-for-monero-mining

    Automating OSINT

    https://twitter.com/jms_dot_py

    http://www.automatingosint.com/blog/


    Check out our Store on Teepub! https://brakesec.com/store

    Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

    #Brakesec Store!: https://www.teepublic.com/user/bdspodcast

    #Spotify: https://brakesec.com/spotifyBDS

    #RSS: https://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloud: https://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

    https://brakesec.com/BDSPatreon

    #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
