#Hacktivity2021 // C2Centipede: APT Level C2 Communications for Common Reverse HTTP Shell Tools

Jose Garduño - C2Centipede: APT Level C2 Communications for Common Reverse HTTP Shell Tools

This presentation was held at #Hacktivity2021 IT security conference on 8th October 2021.

Adversaries have been continuously improving their malware to be stealthier and more resilient both on the victim’s host and on the network. Examples of these innovations on the network side include Fast Flux networks, Domain Generation Algorithms and Domain Fronting, among other techniques. Unfortunately, open source tools for threat emulation currently have limited support for such advanced features, leaving red teams with easy-to-detect C2 communications. We present C2Centipede, a proxy tool that provides these features to HTTP reverse shell tools (like Metasploit or Empire) so that they are stealthier on the network. It does this by dynamically and transparently modifying the trojan’s C2 communication routing and beaconing strategies, with the aim of evading some of the blue team’s detection strategies.

#HACKTIVITY is the biggest event of its kind in Central & Eastern Europe. About 1000 visitors come from all around the globe every year to learn more about the latest trends in cybersecurity, get inspired by people with similar interests and develop themselves via comprehensive workshops and training sessions.
