WEBCAST: Two Covert C2 Channels
John Strand // In this webcast, we walk through different tools to establish and test your Command and Control (C2) detection capabilities. Why does this matter? Almost all organizations we […]
C2
PowerShell DNS Command & Control with dnscat2-powershell
Luke Baggett // Imagine a scenario where a Penetration Tester is trying to set up command and control on an internal network blocking all outbound traffic, except traffic towards a […]
Steganography: The Art & Science of Hiding Things in Other Things – Part 1
Dakota Nelson* // Part 1: Image Formats What if I told you this adorable puppy was hiding a secret message? In this post, we’ll find out how this dog was […]
Google Docs becomes Google SOCKS: C2 Over Google Drive
Luke Baggett // If you’re monitoring a network with internet access, it’s almost inevitable that you’re going to see a lot of traffic to and from Google servers. Blending in […]
How to Build a 404 page not found C2
A Guest blog by Matthew Pawelski // A C2, or command-and-control, is used by attackers to control compromised systems. Most of these C2s are in control of large botnets, yet […]
Internal Pivot, Network Enumeration, & Lateral Movement
Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, […]
Click to Enable Content
Sally Vandeven // Evading anti-virus scanners has become a bit of a sport around BHIS. When we do C2 testing for our customers we start with a host on the […]
1 2