BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//hack-lu-2025//talk//XDPLNP
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-lu-2025-XDPLNP@pretalx.com
DTSTART;TZID=CET:20251024T114500
DTEND;TZID=CET:20251024T121500
DESCRIPTION:As modern security defenses evolve\, attackers continue to leve
 rage legitimate cloud services for command-and-control (C2) communication\
 , effectively bypassing traditional network detection systems. This talk p
 resents original research into the abuse of lesser-known free cloud APIs s
 uch as GitHub Gists\, Telegram Bot API\, Discord Webhooks\, and Google App
 s Script for stealthy malware communication. Unlike well-documented abuses
  of Google Drive or Dropbox\, our study explores new\, unmonitored attack 
 surfaces that can be exploited by adversaries while remaining under the ra
 dar of enterprise security monitoring tools.\n\nKey topics of my talk:\nTe
 chniques for establishing C2 channels using free cloud services.\nEncrypti
 on and obfuscation strategies to evade EDR/ML-based detection.\nCase studi
 es demonstrating real-world proof-of-concepts (PoC) of API abuse.\nRecomme
 ndations for mitigating risks and detecting malicious API-based C2 activit
 y.\n\nTraditional C2 detection methods focus on recognizing known malware 
 signatures or anomalous network traffic. However\, API-based C2 channels b
 lend seamlessly into normal cloud service usage\, making them exceptionall
 y difficult to detect. This talk will provide defenders with insight into 
 how attackers exploit these mechanisms and offer practical countermeasures
  to strengthen security postures against emerging threats.\n\nTarget Audie
 nce:\n\nRed Teamers\, Ethical Hackers\, and Penetration Testers\nSOC Analy
 sts and Threat Hunters\nIncident Responders and Security Engineers
DTSTAMP:20260411T023855Z
LOCATION:Europe
SUMMARY:Exploiting Legit APIs for Covert C2: A New Perspective on Cloud-bas
 ed Malware Operations - cocomelonc
URL:https://pretalx.com/hack-lu-2025/talk/XDPLNP/
END:VEVENT
END:VCALENDAR