“…This framework generally alludes to the strategies that adversaries can manipulate to facilitate undetected message exchange or payload delivery for Data Exfiltration (DE) or delivery stages. Subsumed within this classification are procedures such as encrypted Hypertext Transfer Protocol (HTTP) Traffic (EHT) [30], Custom DNS protocol (CDP), and Hypertext Transfer Protocol Secure (HTTPS) Protocol (HSP) [31]. In terms of liaising with the C2 server, malicious activities, or command execution (CE), can be effectuated through highly deceptive custom protocols, which convincingly masquerade as their legitimate counterparts.…”