A Proof of Concept to show how blockchain can solve C2C persistence. PoC originally presented at EuskalHack Security Congress 2017, updated and improved for Cybercamp 2017.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


A PoC of a Blockchain-based C&C


This project contains a Proof of Concept on how to push information to the Bitcoin blockchain using OP_RETURN. Some sample clients have been added to illustrate how the information in the blockhain can be used as a place from where we can extract commands to be run or any other orders. This PoC was originally presented at EuskalHack Security Congress @ Donostia-San Sebastián in 2017.


Yaiza Rubio (@yrubiosec) and Félix Brezo (@febrezo)



Administration Tool

To run the Python administration and victim tools, users need to run:

git clone https://github.com/i3visio/blockchain_c2c
cd blockchain_c2c
pip install -r requirements

To start the administration tool:

cd admin
python blockchain_c2c.py

Afterwards, the interactive menus can be followed up.

At the moment, the transaction needs to be pushed manually using a suitable provider like Blockr.io.

Consumer tools

Using the Python Client

The Python client can be found under /vitcim/python. The file is:

cd victim/python
python blockchain_client.py

Using the Javascript Client

Under the victim/javascript/ a sample implementation of the bitcoin_client.py code has been ported to Javascript. This can be added on any website or browser extension easily.