2025-10-24, Europe
As modern security defenses evolve, attackers continue to leverage legitimate cloud services for command-and-control (C2) communication, effectively bypassing traditional network detection systems. This talk presents original research into the abuse of lesser-known free cloud APIs such as GitHub Gists, the Telegram Bot API, Discord Webhooks and Google Apps Script for stealthy malware communication. Unlike the well-documented abuse of Google Drive or Dropbox, this research explores newer, largely unmonitored attack surfaces that adversaries can exploit while remaining under the radar of enterprise security monitoring tools.
Key topics of my talk:
Techniques for establishing C2 channels using free cloud services.
Encryption and obfuscation strategies to evade EDR/ML-based detection.
Case studies demonstrating real-world proof-of-concepts (PoC) of API abuse.
Recommendations for mitigating risks and detecting malicious API-based C2 activity.
Traditional C2 detection methods focus on recognizing known malware signatures or anomalous network traffic. However, API-based C2 channels blend seamlessly into normal cloud service usage, making them exceptionally difficult to detect. This talk will provide defenders with insight into how attackers exploit these mechanisms and offer practical countermeasures to strengthen security postures against emerging threats.
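To make the detection problem above concrete, here is an added example (it is not material from the talk or its author). Because the request bodies to these services are TLS-wrapped and, per the abstract, encrypted a second time by the implant, content inspection yields little; what a polling agent cannot hide is its cadence. The script groups web-proxy requests per internal host and cloud service, then flags pairs whose inter-request gaps are near-constant. The hostnames and path prefixes are the services' real public API endpoints; the four-field log format, the sample log lines, the service labels and the thresholds are this example's own assumptions.

```python
"""Beacon-regularity check for cloud-API C2 traffic in web-proxy logs.

Added example, not code from the talk. It assumes a simplified proxy
log of the form:  <ISO timestamp> <client ip> <dest host> <url path>
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Public API endpoints of the services named in the talk. An agent built on
# them polls (Telegram getUpdates, Gist reads, Apps Script GET) or posts
# (Discord webhook) to exactly these host/path prefixes. Labels are ours.
WATCHED_ENDPOINTS = {
    "telegram-bot-api": ("api.telegram.org", "/bot"),
    "discord-webhook": ("discord.com", "/api/webhooks/"),
    "github-gist": ("api.github.com", "/gists"),
    "github-gist-raw": ("gist.githubusercontent.com", "/"),
    "google-apps-script": ("script.google.com", "/macros/s/"),
}

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<host>\S+)\s+(?P<path>\S+)$")

MIN_EVENTS = 6      # assumed: fewer requests than this is not enough to call a beacon
MAX_JITTER = 0.15   # assumed: stdev/mean of gaps; a sleep()+small jitter loop stays far below


def classify(host, path):
    """Return the watched service label for a request, or None if unrelated."""
    for label, (watched_host, prefix) in WATCHED_ENDPOINTS.items():
        if host == watched_host and path.startswith(prefix):
            return label
    return None


def parse(lines):
    """Yield (timestamp, src, service) for every request to a watched endpoint."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        service = classify(m["host"], m["path"])
        if service:
            yield datetime.fromisoformat(m["ts"]), m["src"], service


def find_beacons(lines, min_events=MIN_EVENTS, max_jitter=MAX_JITTER):
    """Flag (src, service) pairs whose request timing is near-periodic."""
    groups = defaultdict(list)
    for ts, src, service in parse(lines):
        groups[(src, service)].append(ts)

    findings = []
    for (src, service), stamps in groups.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean   # relative spread of the polling interval
        if jitter <= max_jitter:
            findings.append({"src": src, "service": service, "count": len(stamps),
                             "period_s": round(mean, 1), "jitter": round(jitter, 3)})
    return findings


def sample_log():
    """Constructed proxy lines: one beaconing host, one human-like host, noise."""
    base = datetime(2025, 10, 24, 9, 0, 0)
    lines = []
    # 10.0.0.5 polls Telegram getUpdates roughly every 60 s (sleep with small jitter).
    for off in [0, 61, 119, 180, 242, 300, 358, 421, 480, 539]:
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.5 api.telegram.org /bot<token>/getUpdates")
    # 10.0.0.9 reads a gist at irregular, human-like intervals.
    for off in [5, 47, 600, 1900, 1930, 4000, 7200]:
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.9 api.github.com /gists/<id>")
    # Unrelated traffic and a single webhook post: neither should be flagged.
    lines.append(f"{base.isoformat()} 10.0.0.5 www.example.com /index.html")
    lines.append(f"{(base + timedelta(seconds=30)).isoformat()} 10.0.0.7 discord.com /api/webhooks/<id>/<token>")
    return lines


if __name__ == "__main__":
    for finding in find_beacons(sample_log()):
        print(finding)
```

On the constructed log only the Telegram poller is reported (period about 60 s, jitter around 3%); the gist reader has enough events but its gaps vary by orders of magnitude. The check is timing-only, so an implant that randomizes its sleep widely will pass it; in practice it is paired with a baseline of which hosts and processes have ever talked to these endpoints, since in most enterprises the first request from a workstation to api.telegram.org or a Discord webhook is itself the anomaly.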
Target Audience:
Red Teamers, Ethical Hackers, and Penetration Testers
SOC Analysts and Threat Hunters
Incident Responders and Security Engineers
Cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development Book (2022, 2024)
MALWILD: Malware in the Wild Book (2023)
Malware Development for Ethical Hackers Book: https://www.amazon.com/dp/1801810176 (2024)
Author and technical reviewer at Packt. Co-founder of MSSP Research LAB; author of many cybersecurity blogs and of HVCK magazine.
Malpedia contributor
Speaker at conferences including Black Hat, Security BSides, Arab Security Conference, Hack.lu and Standoff.