Command, Control, and memes: Cordyceps + ant = zombie

Presented at CactusCon 12 (2024), Feb. 16, 2024, 3 p.m. (60 minutes).

Command-and-Control (C2) channels enable remote control of devices compromised through various means. Some C2s use network protocols to relay messages from the compromised asset to the C2 server, while others blend in with commonly used, non-malicious applications and websites that have legitimate use cases in the target environment, making them even harder to detect (e.g. using Discord to relay C2 traffic). Deploying C2 effectively requires knowledge: components must be deployed and configured before a campaign can start, and target assets are exploited to connect back to the C2 infrastructure to wait for commands and/or send gathered data. It is no secret that automation reduces the risk of human error on repetitive tasks, produces consistent results, and decreases the time needed to perform a set of steps. It can also be applied to the deployment and configuration of C2 infrastructure components such as frameworks, redirectors, and the associated compute infrastructure. This talk intends to raise awareness of what comprises a C2 deployment a Red Team can use during offensive cyber operations: how its components are deployed, configured, and secured, and how all of this can be performed in an automated manner. We’ll cover how an enterprise-grade Red Team leverages Infrastructure as Code with the goal of improving the security posture of the organization by spending less time doing ‘sysadmin’ tasks and more time attacking!

Presenters:

  • pr0b3r7 - Lead, Offensive Security @ Fortune 40; GitHub: pr0b3r7; Chief Hacker @ Hacker Hermanos
    Robert is a seasoned offensive security professional with more than a decade of experience in Information Security. He started his career in the U.S. Marine Corps, working on secure telecommunications. Robert holds a master's degree in Cybersecurity, numerous IT certifications, and a background as an instructor at higher education institutions like the New Jersey Institute of Technology and American University. Robert is committed to sharing his knowledge and experiences for the benefit of others. He enjoys Brazilian steakhouses and cuddling with his pugs while writing Infrastructure as Code to automate Red Team Infrastructure. Robert is currently serving as a Lead of Offensive Security at a Fortune 50 insurance company.
  • Josh Huff - Senior Red Team Operator @Fortune 50 Company
    Josh is an offensive security professional with more than 10 years in Information Security. He has an Associate's Degree in Computer Forensics and Security, as well as several certifications. He began his professional career in IT as a contractor for the US Army Corps of Engineers before moving to his current company, where he has held roles on both the defensive and offensive sides of security. When not in the office, Josh satisfies his curiosity exploring Red Team Infrastructure and Open Source Intelligence. He is a husband, father of two, and enjoys playing multiple instruments. Want an OSINT challenge? See if you can find his account for live-streaming music. Currently, Josh is Senior Red Team Operator at a Fortune 50 insurance company.
  • slyf0x - Drone Hacker, Red Teamer, Malware Dev
    I am an Air Force Bomb Squad (EOD) veteran with experience working on the MQ-1 Predator and MQ-9 Reaper. I am also a retired firefighter/paramedic. I have 2 years of experience as a paid hacker and currently hold an FAA 107 pilot's license and a CRTO from Zero-Point Security. I am currently a drone hacker and red teamer/malware dev for Dark Wolf Solutions.
