Cobalt Strike Beacon C2 using Amazon APIs

by Igor Mikhaylov, 2018-02-28

AWS provides services that help you create complex applications with increased flexibility, scalability and reliability, sufficient processing power, storage for databases, delivery and other functionality.

A group of researchers developed a way to use Amazon's AWS APIs as a command-and-control (C2) channel. They built a reliable malicious channel on top of the Cobalt Strike “ExternalC2” specification. To summarize, blue teams have a variety of techniques at their disposal to block and detect malware. By utilizing AWS API services – particularly S3 buckets – as the C2 source, we can be assured the domain will be live in all environments and subvert the prevention / detection techniques.

You can read the details in Dwight Hohnstein’s article. The article demonstrates how to bypass several network security tools.
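A defender-side sketch of the point above, added here as an example and not taken from this post or from Dwight Hohnstein’s article: because the S3 domain is expected to be reachable everywhere, the check works per bucket and flags clients that poll a bucket outside an approved list at near-constant intervals. The proxy log format, the `APPROVED_BUCKETS` list, the thresholds and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Assumption: buckets the organisation owns or has approved.
APPROVED_BUCKETS = {"corp-build-artifacts"}

# Matches virtual-hosted style (<bucket>.s3[.-region].amazonaws.com)
# and path style (s3[.-region].amazonaws.com/<bucket>/...).
S3_HOST = re.compile(r"^(?:(?P<bucket>.+)\.)?s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")

def bucket_of(url):
    """Return the S3 bucket a URL addresses, or None if it is not an S3 URL."""
    parts = urlsplit(url)
    m = S3_HOST.match(parts.hostname or "")
    if not m:
        return None
    if m.group("bucket"):
        return m.group("bucket")
    return parts.path.lstrip("/").split("/", 1)[0] or None

def find_suspects(lines, min_hits=5, max_cv=0.2):
    """Flag (client, bucket) pairs with regular polling of unapproved buckets.

    Constructed log format: "<epoch_seconds> <client_ip> <method> <url>".
    max_cv is the allowed coefficient of variation of the request gaps.
    """
    seen = defaultdict(list)
    for line in lines:
        ts, client, _method, url = line.split(maxsplit=3)
        bucket = bucket_of(url)
        if bucket and bucket not in APPROVED_BUCKETS:
            seen[(client, bucket)].append(float(ts))
    suspects = []
    for (client, bucket), stamps in sorted(seen.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) < min_hits or mean(gaps) == 0:
            continue
        if pstdev(gaps) / mean(gaps) <= max_cv:
            suspects.append((client, bucket, len(stamps), round(mean(gaps))))
    return suspects

# Constructed sample: steady polling, an approved bucket, and irregular browsing.
SAMPLE_LOG = (
    [f"{t} 10.0.0.5 GET https://example-unknown-bucket.s3.amazonaws.com/task"
     for t in (1000, 1060, 1121, 1180, 1241, 1300)]
    + [f"{t} 10.0.0.9 GET https://corp-build-artifacts.s3.us-east-1.amazonaws.com/app.zip"
       for t in range(1000, 1600, 100)]
    + [f"{t} 10.0.0.7 GET https://s3.eu-west-1.amazonaws.com/example-photo-share/img.jpg"
       for t in (1000, 1010, 1500, 1520, 2900, 2950)]
)
```

Path-style requests only reveal the bucket when the proxy sees the full URL; with virtual-hosted style the hostname alone is enough.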


