-
Notifications
You must be signed in to change notification settings - Fork 15
HTTPS C2
Maxime Landon edited this page Feb 22, 2020
·
2 revisions
-
Wiregost supports proxy-aware C2 over both HTTP and HTTPS, however since Wiregost does not rely upon the SSL/TLS layer for security these protocols are considered somewhat synonymous.
-
Wiregost implants are compiled with a baked-in (but obfuscated of course) server domain that they will reach back out to.
-
Wiregost can stand up a website on your HTTP(S) listener in order to make the server look more legitimate. For example, you could put a default IIS index page here and mimic a normal-looking server in case someone comes by snooping.
- For using HTTP(S) implants/listeners, check HTTP(S) Payloads
- For using Website static content, check Websites