| Category | Details |
|---|---|
| Tools for C2 Hunting | - Shodan: search for internet-connected devices.<br>- FOFA: Asia-focused tool for device discovery.<br>- Censys: provides SSL/TLS certificate data.<br>- VirusTotal, urlscan.io: offer supplementary insights. |
| Five Steps of C2 Hunting | 1. Find a known malicious IP/domain: use threat intelligence tools.<br>2. Search in Shodan: look for metadata, geolocation, open ports.<br>3. Inspect server metadata: check SSL certificates, HTTP headers, and SSH keys.<br>4. Search for related servers: use GreyNoise, Talos for gathering intel.<br>5. Automate hunting: use Shodan API or CLI for regular hunts. |
| Key Pivot Points | - HTTP headers: look for unique header attributes.<br>- HTML pages: use page hashes to identify related infrastructure.<br>- SSH keys: search for reused public SSH keys.<br>- SSL certificates: use SHA1/SHA256 or JA3/JARM hashes. |
| Using Shodan for C2 Hunting | - Register and search for IPs/domains using Shodan’s GUI or API.<br>- Refine results with advanced search options.<br>- Look for unique identifiers like HTML hashes, HTTP headers, SSL certificates. |
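The pivot-and-automate workflow from the table (steps 3 to 5 and the pivot points), as an added example that is not from the summarised article or from Shodan: it indexes a small set of constructed, Shodan-style banner records, extracts the pivot values of a seed host, discards values that are too common to be a useful pivot (the "unique header attributes" caveat), ranks other hosts by how many pivots they share, and emits search strings for a follow-up hunt. The record layout, the hash values, the documentation-range IPs and the Shodan filter names in `SHODAN_FILTER` are all assumptions made for the example.

```python
# Constructed Shodan-style banner records (fake hashes, documentation IPs).
HOSTS = [
    {"ip_str": "198.51.100.10", "port": 443, "ssl": {"cert": {"fingerprint": {"sha256": "f1a2"}}, "jarm": "jarm-aaaa"},
     "http": {"html_hash": 111111, "headers": {"Server": "nginx"}}},
    {"ip_str": "198.51.100.10", "port": 22, "ssh": {"fingerprint": "ssh-seed-key"}},
    {"ip_str": "198.51.100.20", "port": 443, "ssl": {"cert": {"fingerprint": {"sha256": "f1a2"}}, "jarm": "jarm-aaaa"},
     "http": {"html_hash": 222222, "headers": {"Server": "nginx"}}},
    {"ip_str": "203.0.113.5", "port": 22, "ssh": {"fingerprint": "ssh-seed-key"}},
    {"ip_str": "203.0.113.9", "port": 8443, "ssl": {"cert": {"fingerprint": {"sha256": "9999"}}, "jarm": "jarm-aaaa"},
     "http": {"html_hash": 111111, "headers": {"Server": "nginx"}}},
    {"ip_str": "192.0.2.77", "port": 80, "http": {"html_hash": 333333, "headers": {"Server": "nginx"}}},
]
# Pivot name -> path into a banner record (assumed field layout).
PIVOTS = {"cert_sha256": ("ssl", "cert", "fingerprint", "sha256"), "jarm": ("ssl", "jarm"),
          "html_hash": ("http", "html_hash"), "server_header": ("http", "headers", "Server"),
          "ssh_key": ("ssh", "fingerprint")}
# Pivot name -> Shodan search filter (assumed filter syntax: filter:value).
SHODAN_FILTER = {"cert_sha256": "ssl.cert.fingerprint", "jarm": "ssl.jarm", "html_hash": "http.html_hash"}

def dig(obj, *path):
    """Walk nested dicts along path; None if any key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def index_pivots(hosts):
    """Map each (pivot name, value) to the set of IPs exposing it."""
    owners = {}
    for banner in hosts:
        for name, path in PIVOTS.items():
            value = dig(banner, *path)
            if value is not None:
                owners.setdefault((name, value), set()).add(banner["ip_str"])
    return owners

def seed_pivots(seed_ip, hosts, max_hosts=3):
    """Pivot keys of the seed, minus values seen on more than max_hosts IPs (too generic)."""
    return {k: ips for k, ips in index_pivots(hosts).items() if seed_ip in ips and len(ips) <= max_hosts}

def related_hosts(seed_ip, hosts, max_hosts=3):
    """Other IPs -> pivot keys shared with the seed, strongest overlap first."""
    shared = {}
    for key, ips in seed_pivots(seed_ip, hosts, max_hosts).items():
        for ip in ips - {seed_ip}:
            shared.setdefault(ip, set()).add(key)
    return dict(sorted(shared.items(), key=lambda kv: -len(kv[1])))

def shodan_queries(seed_ip, hosts, max_hosts=3):
    """Search strings for the seed's pivots that have a Shodan filter; run these on a schedule."""
    return sorted(f"{SHODAN_FILTER[n]}:{v}" for (n, v) in seed_pivots(seed_ip, hosts, max_hosts) if n in SHODAN_FILTER)
```

The shared `Server: nginx` header appears on four IPs and is dropped, so only the certificate, JARM, HTML hash and SSH key drive the ranking.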
Read full article: https://kravensecurity.com/c2-hunting-using-shodan/
Disclaimer: The above summary has been generated by an AI language model