Now you C(&C), now you don’t

Track 1 - Jungle

Thu, 30 Jun 2022 @ 13:40:00

The goal of our session is to prove that persistent and resilient C&C infrastructure is not the sole property of high-end threat actors. Hence, defenders must prepare for this new age of stealthy campaigns. We discuss the evolution of evasive C&C based on evidence from actual campaigns. We show the pitfalls of state-of-the-art techniques and present a new approach to C&C. This new approach is based on public infrastructure. We show how this technique is applied to an OTS backdoor.