DEF CON 31 - The Art of Compromising C2 Servers A Web App Vulns Perspective

DEF CON 31 - The Art of Compromising C2 Servers A Web App Vulns Perspective - Vangelis Stykas

Рет қаралды 11,008

8 ай бұрын

C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them.
While understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners.
By exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of devices and further explore other attack vectors. This can give them access to administrator panels and malware source code, and result in the identity of threat actors being exposed.

Пікірлер: 14

@majdps995 7 ай бұрын

Great talk! Pawning C2s is something that I wanted to test a long time ago but was lazy to do it. Many C2s that are made by none state sponsored criminals are of mid-low quality and does not follow any best practices at all. It is because they put most of the work in their malware itself and most of that work comprises of copying and pasting code from other sources, even if they don't understand what the code does. Very few out there that really take care of their opsec and the security of their malware. I would say that many C2s have become better than before in terms of security, and this is due to the adoption of web frameworks such as laravel and django. However, as demonstrated in the video, they still have bad security because of bad practices.

@fiendlybrds 8 ай бұрын

2x speed, this is a great talk.

@anastasiszaro 8 ай бұрын

typical Greek speaking English xD Bonus: if you're Greek in Thessaloniki then you also have the same speed when speaking Greek

@LasArmas_ 8 ай бұрын

Thank you from an Anxrquista

@deeglik 8 ай бұрын

Brilliant Talk!!!!

@iwuvu5940 8 ай бұрын

Keep uploading these videos, people like me actually listen to these to learn stuff about hacking

@MrMitchell699 8 ай бұрын

So why didn't he hit the delete all button?

@TheCramik 8 ай бұрын

because they would rebuild on different servers, patch issues, etc. The longterm effects of leaving cronjobs that only delete small portions and backdoors is likely to be more significant