Domain Borrowing - Catch My C2 Traffic if You Can
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a new method for concealing Command and Control (C2) traffic using Content Delivery Networks (CDNs) in this 35-minute Black Hat conference talk. Learn about the limitations of domain fronting and domain hiding techniques, and discover how to circumvent censorship by leveraging CDN workflows. Delve into the concept of Domain Borrowing, including abandoning DNS, abusing CDN domain validation, and obtaining valid HTTPS certificates. Compare Domain Borrowing to other techniques, discuss detection methods and mitigation strategies, and understand how to bypass Palo Alto Firewalls. Gain insights from speakers Tianze Ding and Junyu Zhou on advanced red team tactics for protecting C2 infrastructure.
Syllabus
Intro
Outline
Domain Fronting - Limitations
Domain Hiding - Limitations
What we want for an ideal C2
The HTTPS CDN workflow
Domain Borrowing Basics - Abandon DNS
Abusing CDN domain validation
When CDN can't find the certificate
Borrow arbitrary domain
Obtain valid HTTPS certificates
CDN domain validation bypass
CDN HTTPS certificates distribution
Borrow valid HTTPS certificates
Domain Borrowing vs. Others
Detection
Mitigation
Bypass Palo Alto Firewall
Taught by
Black Hat