Command & Control infrastructure is commonly thought of as spun-up servers using newly found or known-bad domains and IP addresses. But what about common cloud storage services being used for such purposes? We'll look at some real-world examples of APTs using this technique in the wild. We'll then demo an open-source tool that uses Dropbox as a Command & Control server and observe the network activity associated with this communication.
I am a senior at UTSA double majoring in Cyber Security and Information Systems, an intern on Frost Bank's Security Monitoring & Incident Response team, and Captain of UTSA's CCDC Red Team, with an interest in offensive security.