Explore advanced command and control (C2) techniques, trust exploitation, and domain takeover strategies in this 44-minute Black Hat conference talk. Delve into the methodology and challenges of modern C2, including recent HTTP/S advancements and cloud service primitives like SQS, AppSpot, S3, and CloudFront. Learn how to abuse trust for stealthy C2 through internal mail servers, defensive platforms, and trusted domains. Discover various domain takeover options and gain insights into newly released tools for exploiting takeover scenarios in major cloud platforms such as AWS, Azure, and GCP. Access the full abstract and presentation slides for a comprehensive understanding of these cutting-edge cybersecurity concepts.
Overview
Syllabus
Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover
Taught by
Black Hat