Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover

Дата: 23.09.2019. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

By Nick Landers

This talk will discuss the methodology, selection process, and challenges of modern C2. It will cover the details of recent HTTP/S advancements and tooling for new cloud service primitives such as SQS, AppSpot, S3, and CloudFront. We will demonstrate how trust can be abused for stealthy C2 techniques via internal mail servers, defensive platforms, and trusted domains. We will also cover the various options for domain takeover, and release tooling for exploiting domain takeover scenarios in Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP).

Full Abstract & Presentation Slides:


Об авторе CISO CLUB

Редакция портала Добавляйте ваш материал на сайт в разделе "Разместить публикацию".
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *