A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Evading C2 Detection with Asymmetry - By Brandon Arvanaghi and Andrew Johnston BSides Philadelphia 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Evading C2 Detection with Asymmetry
By Brandon Arvanaghi and Andrew Johnston

BSides Philadelphia 2017

Detecting callouts to command-and-control (C2) servers used to be straightforward, but attackers in your network have found ways to communicate with the outside world even under the heaviest of scrutiny. In this talk, we discuss ways to use popular websites as means of getting commands and exfiltrating information. We examine the applications of asymmetric communication, from Internet-accessible computers to embedded devices to air-gapped systems. Finally, we give some suggestions to defenders, and discuss how to detect and mitigate risks that enable asymmetric malware.

Andrew Johnston is an Associate Consultant with Mandiant, focusing in red-team operations. He has been apart of the information security community in various roles since 2007. He holds a Bachelors with a dual major in computer science and applied mathematics, and is current pursuing a Masters in cybersecurity.Anthony Motto is a cybersecurity researcher at Fordham University with a focus on using AI to combat terrorism. His other interests include fileless malware, anti forensics, and beer.

Recorded at BSides Philly 2017

Back to BSides Philly video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast