AWS GuardDuty - Post-DNS Era Covert Channel For C&C
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore advanced covert communication techniques for malware in this Hack In The Box Security Conference talk. Delve into the evolution of DNS tunneling and its detection by Network Intrusion Detection Systems (NIDS). Learn how malware can maintain stealthy communication channels by leveraging cloud services and Content Delivery Networks (CDNs). Discover a robust Command and Control (C&C) method using attacker-owned S3 buckets to evade AWS GuardDuty detection. Examine various AWS services that can be exploited for covert C&C and data exfiltration. Gain insights into mitigation strategies and common pitfalls to avoid when using public cloud services like AWS. Benefit from the speaker's extensive programming background and previous conference experiences to understand cutting-edge cybersecurity threats and defenses.
Syllabus
Introduction
Agenda
Timeline
DNS Tunneling
DNS Over HTTPS
NetworkBased Ideas
HostBased Ideas
SIM
Cloud services
Preparation
How it establishes
Three possible outcomes
AWS GuardDuty
What do we need
Embed the access key
Set up the C server
Attackers S3 Bucket
Common Flaws
Taught by
Hack In The Box Security Conference
Related Courses
Teaching goes massive: new skills requiredUniversity of Zurich via Coursera Introduction to Cloud Computing
IEEE via edX Déployez des applications dans le cloud avec IBM Bluemix
IBM via OpenClassrooms Mobile Devices in Everyday Life
Tallinn University via EMMA Planning and Preparing SharePoint Hybrid
Microsoft via edX