Evading C2 Detection with Asymmetry - By Brandon Arvanaghi and Andrew Johnston BSides Philadelphia 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Detecting callouts to command-and-control (C2) servers used to be straightforward, but attackers in your network have found ways to communicate with the outside world even under the heaviest of scrutiny. In this talk, we discuss ways to use popular websites as means of getting commands and exfiltrating information. We examine the applications of asymmetric communication, from Internet-accessible computers to embedded devices to air-gapped systems. Finally, we give some suggestions to defenders, and discuss how to detect and mitigate risks that enable asymmetric malware.

Andrew Johnston is an Associate Consultant with Mandiant, focusing on red-team operations. He has been a part of the information security community in various roles since 2007. He holds a bachelor's with a dual major in computer science and applied mathematics, and is currently pursuing a master's in cybersecurity.

Anthony Motto is a cybersecurity researcher at Fordham University with a focus on using AI to combat terrorism. His other interests include fileless malware, anti-forensics, and beer.

Recorded at BSides Philly 2017
