YoVDO

Abusing Webhooks for Command and Control

Offered By: NorthSec via YouTube

Tags

NorthSec Courses Cybersecurity Courses Network Security Courses Continuous Integration Courses Webhooks Courses

Course Description

Overview

Explore a technique for establishing outbound network connectivity using HTTP callbacks (webhooks) in this 25-minute NorthSec conference talk. Learn about webhooks, their organizational uses, and how to leverage approved sites as communication brokers. Discover methods for data transfers, asynchronous command execution, and creating command-and-control communication while bypassing strict defensive proxies and avoiding attribution. Examine a tool that utilizes broker websites to work with external C2 using webhooks. Cover topics including webhook users like GitHub and Octopus, delivery mechanisms, real-time communication, and continuous integration.

Syllabus

Intro
Who uses Webhooks
GitHub
Octopus
Delivery mechanism
Delivery demo
Realtime communication
Continuous integration


Taught by

NorthSec

Related Courses

Web Engineering III: Quality Assurance
Technische Hochschule Mittelhessen via iversity Introduction to Cloud Infrastructure Technologies
Linux Foundation via edX DevOps for Developers: How to Get Started
Microsoft via edX Accelerate Software Delivery using DevOps
Microsoft via edX Building R Packages
Johns Hopkins University via Coursera