youtube
This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity #ndcconferences #security #developer #softwaredeveloper
Attend the next NDC conference near you:
Subscribe to our YouTube channel and learn every day: @NDC
Follow our Social Media!
#hacker #securitytools
Modern command-and-control (C2) frameworks don't just fall over when you block one protocol - they pivot, quietly but surely. The C2 brain, the intent and the goal stay the same, but the wire changes. If your detection strategy is married to ports or protocol signatures, then you're already behind - and at risk.
This talk will explore a small Python-based C2 lab with pluggable transports: the same controller/agent pair that can talk over ICMP payloads, DNS TXT records and HTTP headers, and automatically fails over to another protocol without changing its core logic when detection occurs.
The goal is not to show off yet another tunnel or a 'hey look, an ICMP data exfiltrator!', but to make the architectural pattern behind advanced tools like Cobalt Strike as painfully obvious as possible: C2 logic is transport-agnostic, indifferent, and ruthless, and protocol-centric defences are outdated.
|
2026/03/27
youtube
