
Ghost Calls: Abusing Web Conferencing for Covert Command & Control.pdf

Uploaded by: 竿*** ID: 981869 2025-11-29 91 pages 3.93 MB

Ghost Calls: Abusing Web Conferencing for Covert Command & Control
Adam Crosser
#BHUSA BlackHatEvents

Slide 2: Introduction. Adam Crosser, Praetorian. X: https:/
Slides 3-7: Types of Command-and-Control Channels
Slide 8: Brainstorming Solutions
Slide 9: Ideal Short-Term Command and Control
Slide 10: Ideal Short-Term Command and Control: LATENCY
Slide 11: Ideal Short-Term Command and Control: THROUGHPUT, LATENCY
Slide 12: Ideal Short-Term Command and Control: THROUGHPUT, LATENCY, REACH
Slide 13: Ideal Short-Term Command and Control: THROUGHPUT, LATENCY, TRUST, REACH
Slide 14: Selection Criteria
- Focused on services egressing from user devices
- Must be broadly used across enterprise roles
- Applicable to non-technical departments (e.g., HR, sales)
- Protocols favored by technical users were excluded
- Thought through common workflows and use-cases
Slide 15: DNS over HTTP(DoH): LATENCY, THROUGHPUT, REACH, TRUST
Slide 16: Cloud File Storage: LATENCY, THROUGHPUT, REACH, TRUST
Slide 17: Attacker VM with Classified Domain: LATENCY, THROUGHPUT, REACH, TRUST
Slide 18: Email and Messaging Applications: LATENCY, THROUGHPUT, REACH, TRUST
Slide 19: Web Conferencing: LATENCY, THROUGHPUT, REACH, TRUST
Slide 20: Microsoft Teams Split Tunneling Guidelines https:/
Slide 21: Microsoft Teams TLS Inspection https:/
Slide 22: Zoom Split Tunneling Recommendations https:/
Slide 23: Zoom TLS Inspection Recommendations https:/
Slide 24: Quick Disclaimer Provi

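According to the report, this document discusses the use of web conferencing systems for covert command and control (C2) communication. The key points are:

1. **Types of C2 channels**: The document discusses several C2 channels, including DNS, cloud storage, email and web conferencing.
2. **Web conferencing as a C2 channel**: It places particular emphasis on how covert web conferencing (such as Zoom and Microsoft Teams) is as a C2 channel.
3. **The TURN protocol**: It introduces TURN (Traversal Using Relays around NAT), a protocol that allows devices on a network to communicate through NAT.
4. **The TURNt tool**: It introduces TURNt, an open-source tool for establishing short-term C2 tunnels over the TURN protocol.
5. **Use cases**: It shows how to use TURNt to obtain credentials from Zoom and Microsoft Teams and to implement remote port forwarding.
6. **Defensive considerations**: It discusses the difficulty of detecting this kind of attack and recommends focusing on other links in the attack chain.
7. **Future work**: It proposes further research into other web conferencing providers and improvements to the TURNt tool.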