Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover

Channel:
United States All Hacking Cons
Subscribers:
6,000
Published on ● Video Link: https://www.youtube.com/watch?v=bZPaN5HX_bQ


Duration: 44:05
8 views
0

Nick Landers | Technical Lead, Silent Break Security
Location: Jasmine
Date: Wednesday, August 7 | 4:00pm-4:50pm
Format: 50-Minute Briefings
Track: Malware

Command and Control (C2) is at the center of successful malware development. Given the importance of reliable C2 for stable malware, it is also a core focus for many defensive teams. What happens though, when malware authors take advantage of shiny new cloud services, high level layer 7 abstractions, large-scale takeover primitives, and 3rd party trust? Do domains, IPs, or servers still matter?

This talk will discuss the methodology, selection process, and challenges of modern C2. It will cover the details of recent HTTP/S advancements and tooling for new cloud service primitives such as SQS, AppSpot, S3, and CloudFront. We will demonstrate how trust can be abused for stealthy C2 techniques via internal mail servers, defensive platforms, and trusted domains. We will also cover the various options for domain takeover, and release tooling for exploiting domain takeover scenarios in Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP).

What flags do you trust?

Black Hat - USA - 2019 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-07All the 4G Modules Could be Hacked!
2022-01-07Exploiting the Hyper V IDE Emulator to Escape the Virtual Machine
2022-01-07Infighting Among Russian Security Services in the Cyber Sphere
2022-01-07All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices
2022-01-07Exploring the New World : Remote Exploitation of SQLite and Curl
2022-01-07Firmware Cartography: Charting the Course for Modern Server Compromise
2022-01-07API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web
2022-01-07Fantastic Red-Team Attacks and How to Find Them
2022-01-07Arm IDA and Cross Check Reversing the Boeing 787's Core Network
2022-01-07Finding a Needle in an Encrypted Haystack: Detect the Most Prevalent Attacks on Active Directory
2022-01-07Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover
2022-01-07Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
2022-01-07GDPArrrrr: Using Privacy Laws to Steal Identities
2022-01-07Finding Our Path: How We're Trying to Improve Active Directory Security
2022-01-07Ghidra - Journey from Classified NSA Tool to Open Source
2022-01-07Bounty Operations: Best Practices and Common Pitfalls to Avoid in the First 6-12 Months
2022-01-07Attacking Electric Motors for Fun and Profit
2022-01-07Death to the IOC What's Next in Threat Intelligence
2022-01-07Going Beyond Coverage-Guided Fuzzing with Structured Fuzzing
2022-01-07Debug for Bug Crack and Hack Apple Core by Itself
2022-01-07Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
virus
information
hack
crime
password
code
web
concept
network
scam
malware
software
access
safety
theft
system
privacy
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
2022
cybersecurity
owned
google
securing
exploit
exploitation
recon
Nick Landers
false flag
advanced c2
trust conflicts
domain takeover
command and control
google cloud platform
GCP
AWS
Amazon web services