SlideShare a Scribd company logo

C&C Framework- Ayan Saha.pptx

Download as PPTX, PDF
null - The Open Security Community
null - The Open Security Community

Deck of Ayan Saha's Session at Null Kolkata Meetup on 6th August.

Presentations & Public Speaking
1 of 15
C2 FRAMEWORKS: AN OVERVIEW Ayan Saha
AGENDA C2 Introduction & Matrix Terminologies SpyderC2 Framework & Demo C2 Traffic Analysis C2 - MITRE ATT&CK C2 FRAMEWOR K S : AN OVERVIEW 2
WHOAMI • Security Researcher, ATI - Keysight Technologies • Android Enthusiast • Open-Source Contributor – MITRE ATT&CK, Metasploit, Atomic RedTeam, SpyderC2, Security Blogs C2 FRAMEWOR K S : AN OVERVIEW 3 AYAN SAHA
C2 - INTRODUCTION • Simple Client and Server • Server sends commands • Client / Victim executes and returns results • Frameworks differs in few aspects – Modules, Listeners etc. – C2 Matrix C2 FRAMEWOR K S : AN OVERVIEW 4
C2 FRAMEWOR K S : AN OVERVIEW 5
TERMINOLOGIES LISTENER Listens for connections from victims. Various protocols – HTTP , DNS PAYLOAD Malware which gets executed on victim. Staged or Stageless BEACON Timely messages from victim to server looking for commands to execute. MODULES Evil functionalities or commands executed on victim. Ex: Screenshot TRAFFIC Network Traffic packets exchanged over the wire. C2 FRAMEWOR K S : AN OVERVIEW 6
SPYDERC2 • A basic C2 framework implemented by me. • Available open-source at GitHub : https://github.com/Ayantaker/SpyderC2 • Contributions are welcome. Ex: Add Keylogger module • YouTube Playlist for tutorials C2 FRAMEWOR K S : AN OVERVIEW 7
DEMO SpyderC2 C2 FRAMEWOR K S : AN OVERVIEW
C2 FRAMEWOR K S : AN OVERVIEW 9 Step 1 : Start the SpyderC2 Framework Step 2 : Start a listener and generate a payload
Step 3 : Execute payload on victim Step 4 : Execute modules, Ex: screenshot C2 FRAMEWOR K S : AN OVERVIEW
C2 TRAFFIC ANALYSIS RR 0 : Victim registration RR 1 : C2 Beacons RR 3: Task Request RR 4: Task Response C2 FRAMEWOR K S : AN OVERVIEW
MITRE ATT&CK – C2 • Knowledge Base, TTP • Most C2 frameworks mapped to MITRE TTP • Software Section • Chances for open-source contribution 12 TACTIC Ex – Persistence (TA0003) TECHNIQUE Ex – Registry Run keys (T1547.001) PROCEDURE Ex – Implemented with EmpireC2 (S0363) TTP C2 FRAMEWOR K S : AN OVERVIEW
C2 FRAMEWOR K S : AN OVERVIEW 13
KEY TAKEAWAYS What we learnt What C2 Frameworks are Lots of C2 Frameworks – C2 Matrix Spyder C2 Framework – Try it out! Try building your own framework. C2 Traffic Analysis. Tr y Open-Source Contributions C2 Matrix - Link MITRE ATT&CK : C2 TTP - Link SpyderC2 Modules - Link PRESENT A TI O N TITLE 14
THANK YOU 15 C2 FRAMEWOR K S : AN OVERVIEW

Recommended

Pursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMPursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMMark Secretario
 
Become a Cloud Security Ninja
Become a Cloud Security NinjaBecome a Cloud Security Ninja
Become a Cloud Security NinjaAmazon Web Services
 
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...Ambassador Labs
 
Layout design on MICROWIND
Layout design on MICROWINDLayout design on MICROWIND
Layout design on MICROWINDvaibhav jindal
 
Cloud Native SDN
Cloud Native SDNCloud Native SDN
Cloud Native SDNRomana Project
 
Atom The Redis Streams-Powered Microservices SDK: Dan Pipemazo
Atom The Redis Streams-Powered Microservices SDK: Dan PipemazoAtom The Redis Streams-Powered Microservices SDK: Dan Pipemazo
Atom The Redis Streams-Powered Microservices SDK: Dan PipemazoRedis Labs
 
Building the Internet of Things with Eclipse IoT - IoTBE meetup
Building the Internet of Things with Eclipse IoT - IoTBE meetupBuilding the Internet of Things with Eclipse IoT - IoTBE meetup
Building the Internet of Things with Eclipse IoT - IoTBE meetupBenjamin Cabé
 
Streaming meetup
Streaming meetupStreaming meetup
Streaming meetupkarthik_krk
 

Recommended

Pursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMPursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMMark Secretario
 
Become a Cloud Security Ninja
Become a Cloud Security NinjaBecome a Cloud Security Ninja
Become a Cloud Security NinjaAmazon Web Services
 
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...Ambassador Labs
 
Layout design on MICROWIND
Layout design on MICROWINDLayout design on MICROWIND
Layout design on MICROWINDvaibhav jindal
 
Cloud Native SDN
Cloud Native SDNCloud Native SDN
Cloud Native SDNRomana Project
 
Atom The Redis Streams-Powered Microservices SDK: Dan Pipemazo
Atom The Redis Streams-Powered Microservices SDK: Dan PipemazoAtom The Redis Streams-Powered Microservices SDK: Dan Pipemazo
Atom The Redis Streams-Powered Microservices SDK: Dan PipemazoRedis Labs
 
Building the Internet of Things with Eclipse IoT - IoTBE meetup
Building the Internet of Things with Eclipse IoT - IoTBE meetupBuilding the Internet of Things with Eclipse IoT - IoTBE meetup
Building the Internet of Things with Eclipse IoT - IoTBE meetupBenjamin Cabé
 
Streaming meetup
Streaming meetupStreaming meetup
Streaming meetupkarthik_krk
 
Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareAxel Rennoch
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP FRSecure
 
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...Databricks
 
Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersCommon Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersPriyanka Aash
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudsparkfabrik
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matterDESMOND YUEN
 
CoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenariosCoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenarioscarlosralli
 
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at Lyft
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at LyftSF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at Lyft
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at LyftChester Chen
 
eProsima RPC over DDS - OMG June 2013 Berlin Meeting
eProsima RPC over DDS - OMG June 2013 Berlin MeetingeProsima RPC over DDS - OMG June 2013 Berlin Meeting
eProsima RPC over DDS - OMG June 2013 Berlin MeetingJaime Martin Losa
 
Test Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysisTest Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysisAxel Rennoch
 
Fiware: Connecting to robots
Fiware: Connecting to robotsFiware: Connecting to robots
Fiware: Connecting to robotsJaime Martin Losa
 
Microservices at ibotta pitfalls and learnings
Microservices at ibotta pitfalls and learningsMicroservices at ibotta pitfalls and learnings
Microservices at ibotta pitfalls and learningsMatthew Reynolds
 
Network Sniffing
Network SniffingNetwork Sniffing
Network Sniffingbudi rahardjo
 
ECI OpenFlow 2.0 the Future of SDN
ECI OpenFlow 2.0 the Future of SDN ECI OpenFlow 2.0 the Future of SDN
ECI OpenFlow 2.0 the Future of SDN ECI – THE ELASTIC NETWORK™
 
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK Framework
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK FrameworkSecure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK Framework
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK FrameworkLeszek Mi?
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDataWorks Summit
 
OMA Developer Tool Kit - Mobile World Congress
OMA Developer Tool Kit - Mobile World CongressOMA Developer Tool Kit - Mobile World Congress
OMA Developer Tool Kit - Mobile World CongressOpen Mobile Alliance
 
Ns fundamentals 1
Ns fundamentals 1Ns fundamentals 1
Ns fundamentals 1narmada alaparthi
 
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVM
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVMScala.io 2013 - Scala and ZeroMQ: Events beyond the JVM
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVMRUDDER
 
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Jaime Martin Losa
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community
 

More Related Content

Similar to C&C Framework- Ayan Saha.pptx

Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareAxel Rennoch
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP FRSecure
 
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...Databricks
 
Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersCommon Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersPriyanka Aash
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudsparkfabrik
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matterDESMOND YUEN
 
CoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenariosCoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenarioscarlosralli
 
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at Lyft
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at LyftSF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at Lyft
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at LyftChester Chen
 
eProsima RPC over DDS - OMG June 2013 Berlin Meeting
eProsima RPC over DDS - OMG June 2013 Berlin MeetingeProsima RPC over DDS - OMG June 2013 Berlin Meeting
eProsima RPC over DDS - OMG June 2013 Berlin MeetingJaime Martin Losa
 
Test Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysisTest Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysisAxel Rennoch
 
Fiware: Connecting to robots
Fiware: Connecting to robotsFiware: Connecting to robots
Fiware: Connecting to robotsJaime Martin Losa
 
Microservices at ibotta pitfalls and learnings
Microservices at ibotta pitfalls and learningsMicroservices at ibotta pitfalls and learnings
Microservices at ibotta pitfalls and learningsMatthew Reynolds
 
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK Framework
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK FrameworkSecure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK Framework
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK FrameworkLeszek Mi?
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDataWorks Summit
 
OMA Developer Tool Kit - Mobile World Congress
OMA Developer Tool Kit - Mobile World CongressOMA Developer Tool Kit - Mobile World Congress
OMA Developer Tool Kit - Mobile World CongressOpen Mobile Alliance
 
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVM
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVMScala.io 2013 - Scala and ZeroMQ: Events beyond the JVM
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVMRUDDER
 
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Jaime Martin Losa
 

Similar to C&C Framework- Ayan Saha.pptx (20)

Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-Testware
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP
 
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...
Spark, GraphX, and Blockchains: Building a Behavioral Analytics Platform for ...
 
Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersCommon Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloud
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matter
 
CoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenariosCoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenarios
 
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at Lyft
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at LyftSF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at Lyft
SF Big Analytics_20190612: Scaling Apache Spark on Kubernetes at Lyft
 
eProsima RPC over DDS - OMG June 2013 Berlin Meeting
eProsima RPC over DDS - OMG June 2013 Berlin MeetingeProsima RPC over DDS - OMG June 2013 Berlin Meeting
eProsima RPC over DDS - OMG June 2013 Berlin Meeting
 
Test Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysisTest Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysis
 
Fiware: Connecting to robots
Fiware: Connecting to robotsFiware: Connecting to robots
Fiware: Connecting to robots
 
Microservices at ibotta pitfalls and learnings
Microservices at ibotta pitfalls and learningsMicroservices at ibotta pitfalls and learnings
Microservices at ibotta pitfalls and learnings
 
Network Sniffing
Network SniffingNetwork Sniffing
Network Sniffing
 
ECI OpenFlow 2.0 the Future of SDN
ECI OpenFlow 2.0 the Future of SDN ECI OpenFlow 2.0 the Future of SDN
ECI OpenFlow 2.0 the Future of SDN
 
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK Framework
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK FrameworkSecure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK Framework
Secure 2019 - APT for Everyone - Adversary Simulations based on ATT&CK Framework
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
 
OMA Developer Tool Kit - Mobile World Congress
OMA Developer Tool Kit - Mobile World CongressOMA Developer Tool Kit - Mobile World Congress
OMA Developer Tool Kit - Mobile World Congress
 
Ns fundamentals 1
Ns fundamentals 1Ns fundamentals 1
Ns fundamentals 1
 
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVM
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVMScala.io 2013 - Scala and ZeroMQ: Events beyond the JVM
Scala.io 2013 - Scala and ZeroMQ: Events beyond the JVM
 
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
 

More from null - The Open Security Community

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdfImmutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdfnull - The Open Security Community
 
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdfDigital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdfnull - The Open Security Community
 
Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...
Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...
Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...null - The Open Security Community
 
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptxReverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptxnull - The Open Security Community
 
Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...null - The Open Security Community
 
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxDemystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxnull - The Open Security Community
 

More from null - The Open Security Community (18)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Hardware-Hacking-101 By Asutosh Kumar.pdf
Hardware-Hacking-101 By Asutosh Kumar.pdfHardware-Hacking-101 By Asutosh Kumar.pdf
Hardware-Hacking-101 By Asutosh Kumar.pdf
 
Demystifying-DNS-Attack-by-Rakesh Seal.pdf
Demystifying-DNS-Attack-by-Rakesh Seal.pdfDemystifying-DNS-Attack-by-Rakesh Seal.pdf
Demystifying-DNS-Attack-by-Rakesh Seal.pdf
 
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdfImmutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
 
Recon for Bug Bounty by Agnibha Dutta.pdf
Recon for Bug Bounty by Agnibha Dutta.pdfRecon for Bug Bounty by Agnibha Dutta.pdf
Recon for Bug Bounty by Agnibha Dutta.pdf
 
A talk on OWASP Top 10 by Mukunda Tamly
A talk on OWASP Top 10 by Mukunda TamlyA talk on OWASP Top 10 by Mukunda Tamly
A talk on OWASP Top 10 by Mukunda Tamly
 
The Mysterious Paradigm of Fuzzing by Rakesh Seal
The Mysterious Paradigm of Fuzzing by Rakesh SealThe Mysterious Paradigm of Fuzzing by Rakesh Seal
The Mysterious Paradigm of Fuzzing by Rakesh Seal
 
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdfDigital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
 
Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...
Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...
Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...
 
Cyber_Forensics_in_the_New_Age_of_Cyber_Security.pdf
Cyber_Forensics_in_the_New_Age_of_Cyber_Security.pdfCyber_Forensics_in_the_New_Age_of_Cyber_Security.pdf
Cyber_Forensics_in_the_New_Age_of_Cyber_Security.pdf
 
GSM-CallFlowAndSecurity Features (2G-3G-4G).pptx
GSM-CallFlowAndSecurity Features (2G-3G-4G).pptxGSM-CallFlowAndSecurity Features (2G-3G-4G).pptx
GSM-CallFlowAndSecurity Features (2G-3G-4G).pptx
 
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptxReverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
 
Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...
 
Evolution of Hacking- Ronit Chakraborty .pptx
Evolution of Hacking- Ronit Chakraborty .pptxEvolution of Hacking- Ronit Chakraborty .pptx
Evolution of Hacking- Ronit Chakraborty .pptx
 
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxDemystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
 

Recently uploaded

OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular PlasticsDutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular PlasticsDutch Power
 
Anne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptxAnne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptxnoorehahmad
 
The Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationThe Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationNathan Young
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringSebastiano Panichella
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)Basil Achie
 
Event 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxEvent 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxaryanv1753
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...marjmae69
 
miladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxmiladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxCarrieButtitta
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
Mathan flower ppt.pptx slide orchids ✨🌸
Mathan flower ppt.pptx slide orchids ✨🌸Mathan flower ppt.pptx slide orchids ✨🌸
Mathan flower ppt.pptx slide orchids ✨🌸mathanramanathan2005
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGYPHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGYpruthirajnayak525
 
James Joyce, Dubliners and Ulysses.ppt !
James Joyce, Dubliners and Ulysses.ppt !James Joyce, Dubliners and Ulysses.ppt !
James Joyce, Dubliners and Ulysses.ppt !risocarla2016
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSebastiano Panichella
 

Recently uploaded (20)

OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular PlasticsDutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
 
Anne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptxAnne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptx
 
The Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationThe Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism Presentation
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software Engineering
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
 
Event 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxEvent 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptx
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
 
miladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxmiladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptx
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
Mathan flower ppt.pptx slide orchids ✨🌸
Mathan flower ppt.pptx slide orchids ✨🌸Mathan flower ppt.pptx slide orchids ✨🌸
Mathan flower ppt.pptx slide orchids ✨🌸
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGYPHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
 
James Joyce, Dubliners and Ulysses.ppt !
James Joyce, Dubliners and Ulysses.ppt !James Joyce, Dubliners and Ulysses.ppt !
James Joyce, Dubliners and Ulysses.ppt !
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation Track
 

C&C Framework- Ayan Saha.pptx

  • 2. AGENDA C2 Introduction & Matrix Terminologies SpyderC2 Framework & Demo C2 Traffic Analysis C2 - MITRE ATT&CK C2 FRAMEWOR K S : AN OVERVIEW 2
  • 3. WHOAMI • Security Researcher, ATI - Keysight Technologies • Android Enthusiast • Open-Source Contributor – MITRE ATT&CK, Metasploit, Atomic RedTeam, SpyderC2, Security Blogs C2 FRAMEWOR K S : AN OVERVIEW 3 AYAN SAHA
  • 4. C2 - INTRODUCTION • Simple Client and Server • Server sends commands • Client / Victim executes and returns results • Frameworks differs in few aspects – Modules, Listeners etc. – C2 Matrix C2 FRAMEWOR K S : AN OVERVIEW 4
  • 5. C2 FRAMEWOR K S : AN OVERVIEW 5
  • 6. TERMINOLOGIES LISTENER Listens for connections from victims. Various protocols – HTTP , DNS PAYLOAD Malware which gets executed on victim. Staged or Stageless BEACON Timely messages from victim to server looking for commands to execute. MODULES Evil functionalities or commands executed on victim. Ex: Screenshot TRAFFIC Network Traffic packets exchanged over the wire. C2 FRAMEWOR K S : AN OVERVIEW 6
  • 7. SPYDERC2 • A basic C2 framework implemented by me. • Available open-source at GitHub : https://github.com/Ayantaker/SpyderC2 • Contributions are welcome. Ex: Add Keylogger module • YouTube Playlist for tutorials C2 FRAMEWOR K S : AN OVERVIEW 7
  • 8. DEMO SpyderC2 C2 FRAMEWOR K S : AN OVERVIEW
  • 9. C2 FRAMEWOR K S : AN OVERVIEW 9 Step 1 : Start the SpyderC2 Framework Step 2 : Start a listener and generate a payload
  • 10. Step 3 : Execute payload on victim Step 4 : Execute modules, Ex: screenshot C2 FRAMEWOR K S : AN OVERVIEW
  • 11. C2 TRAFFIC ANALYSIS RR 0 : Victim registration RR 1 : C2 Beacons RR 3: Task Request RR 4: Task Response C2 FRAMEWOR K S : AN OVERVIEW
  • 12. MITRE ATT&CK – C2 • Knowledge Base, TTP • Most C2 frameworks mapped to MITRE TTP • Software Section • Chances for open-source contribution 12 TACTIC Ex – Persistence (TA0003) TECHNIQUE Ex – Registry Run keys (T1547.001) PROCEDURE Ex – Implemented with EmpireC2 (S0363) TTP C2 FRAMEWOR K S : AN OVERVIEW
  • 13. C2 FRAMEWOR K S : AN OVERVIEW 13
  • 14. KEY TAKEAWAYS What we learnt What C2 Frameworks are Lots of C2 Frameworks – C2 Matrix Spyder C2 Framework – Try it out! Try building your own framework. C2 Traffic Analysis. Tr y Open-Source Contributions C2 Matrix - Link MITRE ATT&CK : C2 TTP - Link SpyderC2 Modules - Link PRESENT A TI O N TITLE 14
  • 15. THANK YOU 15 C2 FRAMEWOR K S : AN OVERVIEW

Editor's Notes

  1. Remove phone number