RATs & Socks abusing Google Services

Presented at DEF CON 33 (2025), Aug. 9, 2025, 2 p.m. (20 minutes).

This talk revisits Google Calendar RAT (GCR), a proof-of-concept released in 2023 by the speaker, demonstrating how Google Calendar can be abused for stealthy Command & Control (C2) communication. A similar technique was recently observed in the wild, used by the APT41 threat group during a real-world campaign, which highlights the growing interest in abusing trusted cloud services for covert operations. Building on that concept, the talk introduces a new Golang-based tool that enables SOCKS tunneling over Google services, establishing covert data channels. The session explores how common cloud platforms can be repurposed to support discreet traffic forwarding and evade traditional network monitoring.

While some familiarity with tunneling and cloud services may be helpful, the talk is designed to be accessible and will walk attendees through all key concepts. Whether you're a penetration tester, red teamer, or simply curious about creative abuse of cloud infrastructure, you’ll leave with fresh ideas and practical insights.

References:

- [link](https://github.com/MrSaighnal/GCR-Google-Calendar-RAT)
- [link](https://github.com/looCiprian/GC2-sheet)
- [link](https://lolc2.github.io/)

Presenters:

  • Valerio "MrSaighnal" Alessandroni
    Valerio "MrSaighnal" Alessandroni is a seasoned offensive security professional with a lifelong passion for hacking. A former member of the Italian Army’s cyber units, he now leads EY Italy’s Offensive Security team, focusing on advanced red teaming and threat emulation. He’s behind open-source tools like Google Calendar RAT (GCR) and he holds certifications including OSCP, OSEP, OSWE, OSWP, CRTO, eWPTX, eCPTX and more. His bug bounty research has earned recognition from Microsoft, NASA, Harvard, and others. Off the keyboard, he rolls on the mat in Brazilian Jiu Jitsu and dreams of space exploration.
