Master C&C from Userland to Kernel Mode on Windows (Part 2: C2 over QUIC)
Hello everybody, today I will talk about how to use the QUIC protocol as a command and control channel during your red team engagement.
As a brief introduction, QUIC, as defined by the Internet Engineering Task Force (IETF), is an encrypted connection-oriented protocol that operates at the Transport Layer, or Layer 4, in the OSI model. While only formally adopted as a standard by the IETF in May 2021, its roots date back nearly a decade.
In one word, the motivation behind the development of QUIC is speed. In contrast to HTTPS leveraging TLS, which is built on top of the TCP protocol, QUIC is built on top of UDP. This comes with one clear advantage: the time to the first valuable communication drops significantly.

One of the key advantages of using QUIC for C2 is its ability to blend in with regular traffic by mimicking video streaming traffic such as YouTube, which helps you exfiltrate data in a stealthy way and makes it hard to detect.
Disclaimer:
The content in this article is intended solely for educational purposes. All techniques and examples demonstrated are designed to enhance understanding of cybersecurity practices, including defensive strategies and ethical hacking methodologies.