The goal of our session is to prove that persistent and resilient C&C infrastructure is not the sole property of high-end threat actors. Hence defenders must prepare for this new age of stealthy campaigns. We discuss the evolution of evasive C&C based on evidence from actual campaigns. We show the pitfalls of state of the art techniques, and present a new approach to C&C. This new approach is based on public infrastructure. We show how this technique is applied to an OTS backdoor
