Cobalt Strike Beacon C2 using Amazon APIs

AWS provides services that help you create complex applications with increased flexibility, scalability and reliability, sufficient processing power, storage for databases, delivery and other functionality.

A group of researchers developed a way to use the AWS API Amazon. A reliable malicious channel was created through the use of Cobalt Strike specifications “ExternalC2”. To summarize, blue teams have a variety of techniques at their disposal to block and detect malwares. By utilizing AWS API services – particularly S3 buckets – as the C2 source, we can be assured the domain will be live in all environments and subvert the prevention / detection techniques.

You can get acquainted with the details in Dwight Hohnstein’s article. This article demonstrates how to bypass several network security tools.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.

News

Cobalt Strike Beacon C2 using Amazon APIs

Read Next

USA Passes Take It Down Act: Fighting NCII at the Federal Level

Operation Artemis: FBI Arrests 22 in International Sextortion Crackdown

Digital Forensics Corp. Launches Pro Bono Initiative to Combat Sextortion Targeting Minors

Digital Forensics Corp. Launches 2025 Sextortion Study to Uncover the True Scope of a Growing Cybercrime