DEF CON 31 - The Art of Compromising C2 Servers A Web App Vulns Perspective - Vangelis Stykas

  • Published 15 Sep 2023
  • C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them.
    While understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners.
    By exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of devices and further explore other attack vectors. This can give them access to administrator panels and malware source code, and result in the identity of threat actors being exposed.
  • Science & Technology

Comments • 14

  • @majdps995 8 months ago +4

    Great talk!
    Pwning C2s is something that I wanted to test a long time ago but was too lazy to do it.
    Many C2s that are made by non-state-sponsored criminals are of mid-to-low quality and do not follow any best practices at all. It is because they put most of the work into the malware itself, and most of that work consists of copying and pasting code from other sources, even if they don't understand what the code does. Very few out there really take care of their opsec and the security of their malware.
    I would say that many C2s have become better than before in terms of security, and this is due to the adoption of web frameworks such as Laravel and Django. However, as demonstrated in the video, they still have bad security because of bad practices.

  • @deeglik 8 months ago

    Brilliant Talk!!!!

  • @iwuvu5940 8 months ago +3

    Keep uploading these videos; people like me actually listen to these to learn stuff about hacking.

  • @LasArmas_ 8 months ago +1

    Thank you from an Anxrquista

  • @fiendlybrds 8 months ago +12

    2x speed, this is a great talk.

    • @anastasiszaro 8 months ago +1

      Typical Greek speaking English xD
      Bonus: if you're Greek from Thessaloniki, then you also have the same speed when speaking Greek.

  • @MFoster392 8 months ago

    Great talk STÖK

    • @andrewferguson6901 8 months ago +1

      Here, for you to copy and paste: ö Ö

    • @MFoster392 8 months ago

      @andrewferguson6901 Thanks man :)

  • @MrMitchell699 8 months ago +3

    So why didn't he hit the delete all button?

    • @TheCramik 8 months ago +10

      Because they would rebuild on different servers, patch issues, etc. The long-term effects of leaving cron jobs that only delete small portions, and backdoors, are likely to be more significant.

  • @LasArmas_ 8 months ago +1

    Working together we can do better.

  • @azharshah316 8 months ago

    If you don't know what a botnet is ..................... 😁