Overview
Explore a new method for concealing Command and Control (C2) traffic using Content Delivery Networks (CDNs) in this 35-minute Black Hat conference talk. Learn about the limitations of domain fronting and domain hiding techniques, and discover how to circumvent censorship by leveraging CDN workflows. Delve into the concept of Domain Borrowing, including abandoning DNS, abusing CDN domain validation, and obtaining valid HTTPS certificates. Compare Domain Borrowing to other techniques, discuss detection methods and mitigation strategies, and understand how to bypass Palo Alto Firewalls. Gain insights from speakers Tianze Ding and Junyu Zhou on advanced red team tactics for protecting C2 infrastructure.
Syllabus
Intro
Outline
Domain Fronting - Limitations
Domain Hiding - Limitations
What we want for an ideal C2
The HTTPS CDN workflow
Domain Borrowing Basics - Abandon DNS
Abusing CDN domain validation
When CDN can't find the certificate
Borrow arbitrary domain
Obtain valid HTTPS certificates
CDN domain validation bypass
CDN HTTPS certificates distribution
Borrow valid HTTPS certificates
Domain Borrowing vs. Others
Detection
Mitigation
Bypass Palo Alto Firewall
Taught by
Black Hat