Category | Details |
---|---|
Tools for C2 Hunting | – Shodan: search engine that indexes service banners of internet-connected hosts. – FOFA: Chinese device search engine with comparable coverage, particularly useful for Asian address space. – Censys: strong on SSL/TLS certificate and host data. – VirusTotal and urlscan.io: supplementary context (detections, prior scans, related URLs) on an IP or domain. |
Five Steps of C2 Hunting | 1. Start from a known malicious IP or domain taken from threat intelligence. 2. Look it up in Shodan: open ports, service metadata, geolocation, hostnames. 3. Inspect the server's metadata for fingerprintable attributes: SSL/TLS certificates, HTTP headers and page content, SSH host keys. 4. Pivot on those attributes to find related servers, and corroborate hits with GreyNoise and Talos reputation data. 5. Automate the search with the Shodan API or CLI so the pivots are re-run on a schedule. |
Key Pivot Points | – HTTP headers: unusual or misordered header attributes. – HTML pages: Shodan's page hash ties together hosts serving identical content. – SSH keys: a reused host public key is a strong link between servers. – SSL/TLS: the certificate's SHA-1/SHA-256 fingerprint or serial, or a TLS handshake fingerprint such as JARM (server response) or JA3/JA3S (client/server hello). Note that JA3 and JARM fingerprint the TLS stack, not the certificate, so they are shared by every host running the same software and must be combined with another pivot. Likewise a default page hash or a common Server header matches thousands of benign hosts on its own. |
Using Shodan for C2 Hunting | – Register for an API key; search by IP or domain in the web UI, CLI, or REST API. – Narrow results with search filters (port, country, organisation, product). – Pivot on the unique identifiers above: HTML hash, HTTP headers, certificate fingerprint, JARM. |
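As an added example (not code from the Kraven Security article), the script below works steps 3 to 5 offline: it derives the pivot values from one seed host's banner, emits the Shodan search strings for each pivot, and then ranks candidate hosts by the weighted set of pivots they share with the seed, so that a single weak match (default Apache page, common JARM) does not get reported on its own. The seed banner, the candidate banners, the certificate bytes and the SSH key are all constructed placeholders, and the banner field names are my own rather than Shodan's JSON layout. The filter names `ssl.jarm`, `http.html_hash` and `ssl.cert.fingerprint` follow Shodan's filter reference; `ssh.fingerprint` and `server` are assumed and should be checked against the current reference before use. The weights are a heuristic of mine, not the article's.

```python
"""Shodan pivot builder and related-host ranking (added example, not the article's code)."""
import base64
import hashlib
import struct

# ---- Constructed seed material: placeholders so the example runs offline --------
SEED_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed placeholder certificate body"
SEED_JARM = "29d29d15d29d29d00042d43d0000001d7ab0b1b4d0c4f2b3c7d6e5f4a3b2c1"  # shape only
SEED_HTML_HASH = -1015838859  # constructed; Shodan reports http.html_hash as a signed int


def _ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string' encoding: uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


# ssh-ed25519 wire blob = string("ssh-ed25519") + string(32-byte key); key is 0x01*32 here
SEED_SSH_PUBKEY = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(b"\x01" * 32)).decode()


def cert_sha256(der: bytes) -> str:
    """Certificate fingerprint as OpenSSL and Shodan print it: SHA-256 over the DER bytes."""
    return hashlib.sha256(der).hexdigest()


def ssh_fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style fingerprint of a public key line (same value `ssh-keygen -lf` shows)."""
    blob = base64.b64decode(pubkey_line.split()[1])
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


# Pivot -> weight (assumed heuristic). A certificate or host-key match is near-unique to
# one operator; JARM, page hash and Server header are shared by every default install of
# the same stack, so each counts for one and only a stack of them is convincing.
WEIGHTS = {"ssl.cert.fingerprint": 3, "ssh.fingerprint": 3,
           "ssl.jarm": 1, "http.html_hash": 1, "server": 1}

SEED = {"ip": "203.0.113.10", "cert_der": SEED_CERT_DER, "jarm": SEED_JARM,
        "html_hash": SEED_HTML_HASH, "server": "Apache/2.4.41 (Ubuntu)",
        "ssh_pubkey": SEED_SSH_PUBKEY}

# Constructed candidates: same cert+JARM; default page only; three weak pivots; unrelated.
CANDIDATES = [
    {"ip": "198.51.100.7", "cert_der": SEED_CERT_DER, "jarm": SEED_JARM},
    {"ip": "198.51.100.8", "html_hash": SEED_HTML_HASH},
    {"ip": "198.51.100.9", "jarm": SEED_JARM, "html_hash": SEED_HTML_HASH,
     "server": "Apache/2.4.41 (Ubuntu)"},
    {"ip": "198.51.100.10", "jarm": "0" * 62, "server": "nginx"},
]


def extract_pivots(banner: dict) -> dict:
    """Map a banner (constructed shape, not Shodan's JSON) to {shodan_filter: value}."""
    p = {}
    if banner.get("cert_der"):
        p["ssl.cert.fingerprint"] = cert_sha256(banner["cert_der"])
    if banner.get("ssh_pubkey"):
        p["ssh.fingerprint"] = ssh_fingerprint(banner["ssh_pubkey"])  # filter name assumed
    if banner.get("jarm"):
        p["ssl.jarm"] = banner["jarm"]
    if banner.get("html_hash") is not None:
        p["http.html_hash"] = str(banner["html_hash"])
    if banner.get("server"):
        p["server"] = banner["server"]  # filter name assumed
    return p


def build_queries(pivots: dict) -> list:
    """One Shodan search string per pivot, usable in the web UI, `shodan search`, or api.search()."""
    return [f'{f}:"{v}"' if " " in v else f"{f}:{v}" for f, v in pivots.items()]


def score(seed_pivots: dict, cand_pivots: dict) -> int:
    """Weighted count of pivots the candidate shares with the seed."""
    return sum(WEIGHTS[f] for f, v in cand_pivots.items() if seed_pivots.get(f) == v)


def rank_related(seed: dict, candidates: list, min_score: int = 2) -> list:
    """IPs that share at least `min_score` worth of pivots with the seed, strongest first."""
    sp = extract_pivots(seed)
    scored = [(score(sp, extract_pivots(c)), c["ip"]) for c in candidates]
    return [ip for s, ip in sorted(scored, reverse=True) if s >= min_score]


if __name__ == "__main__":
    for q in build_queries(extract_pivots(SEED)):
        print("pivot query:", q)
    print("related:", rank_related(SEED, CANDIDATES))
```

With a real seed, the queries printed are what you feed to `shodan search --fields ip_str,port <query>` (or `api.search()` from the `shodan` Python package) in the automation step; the ranking then runs over the banners those searches return instead of the constructed list. Raising `min_score` above 3 means a host is only reported when it shares a certificate or host key with the seed, which is the safer default for automated alerting.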
Read full article: https://kravensecurity.com/c2-hunting-using-shodan/
Disclaimer: The above summary has been generated by an AI language model