AWS GuardDuty - Post-DNS Era Covert Channel For C&C
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore advanced covert communication techniques for malware in this Hack In The Box Security Conference talk. Delve into the evolution of DNS tunneling and its detection by Network Intrusion Detection Systems (NIDS). Learn how malware can maintain stealthy communication channels by leveraging cloud services and Content Delivery Networks (CDNs). Discover a robust Command and Control (C&C) method using attacker-owned S3 buckets to evade AWS GuardDuty detection. Examine various AWS services that can be exploited for covert C&C and data exfiltration. Gain insights into mitigation strategies and common pitfalls to avoid when using public cloud services like AWS. Benefit from the speaker's extensive programming background and previous conference experiences to understand cutting-edge cybersecurity threats and defenses.
Syllabus
Introduction
Agenda
Timeline
DNS Tunneling
DNS Over HTTPS
NetworkBased Ideas
HostBased Ideas
SIM
Cloud services
Preparation
How it establishes
Three possible outcomes
AWS GuardDuty
What do we need
Embed the access key
Set up the C server
Attackers S3 Bucket
Common Flaws
Taught by
Hack In The Box Security Conference
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Sicherheit im Internet
openHPI Cybersecurity Fundamentals
Rochester Institute of Technology via edX Network Security
Georgia Institute of Technology via Udacity Ciberseguridad: ataques y contramedidas
Universidad Rey Juan Carlos via Independent