script:x509_ext_c2
This is an old revision of the document!
Detecting covert channels in X.509 Digital Certificates using the Trisul LUA API
I saw a couple of blogs about a new way to create a C2 (Command and Control) channel using X.509 Certificates. This technique is described in Abusing X.509 Certificates for Covert Data Exchange 1) and the original link on the Fidelis Blog Whats missing is in front of us 2)
2)
https://www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities) and also on the Network Miner blog Examining a X.509 Covert Channel (( Network Miner blog post https://www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities
script/x509_ext_c2.1518110702.txt.gz · Last modified: 2018/02/08 22:55 by veera