Development and operations a practical guide



Date: 11.02.2023
1 Joe Vest, James Tubberville Red Team Development and Operations
Domain Fronting
Domain Fronting is a technique developed to support the bypass of censorship by routing traffic through legitimate and highly trusted domains. There are many services that support Domain Fronting, including Google App Engine, Amazon CloudFront, and Microsoft Azure. How does this work?
When the traffic is received by a provider’s server, such as gmail.com, it is sent to an origin server, such as myapp.appspot.com. This routing is controlled by the Host header specified in the HTTP request. Either the origin server directly forwards traffic to a specified domain, which points to a threat-controlled C2 server, or a custom application proxies the request to complete the forwarding.
Note: The use of domain fronting has been severely limited, as organizations have actively been reducing the ability to use it. As of the writing of this book it is still an option but, like many techniques, will change over time.
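From the defender's side, the Host-header routing described above leaves a visible mismatch wherever a TLS-inspecting proxy records both the TLS SNI and the decrypted HTTP Host header. The following is an added example, not code from the book: the log format, field names, and sample records are constructed assumptions, and the two-label "site" comparison is a simplification.

```python
import json

# Constructed sample records shaped like a TLS-inspecting proxy log that keeps
# both the TLS SNI and the decrypted HTTP Host header (field names are assumptions).
SAMPLE_LOG = """\
{"ts":"2023-02-11T10:00:01Z","src":"10.0.0.5","sni":"www.example.com","host":"www.example.com"}
{"ts":"2023-02-11T10:00:02Z","src":"10.0.0.7","sni":"front.example.net","host":"myapp.example.org"}
{"ts":"2023-02-11T10:00:03Z","src":"10.0.0.7","sni":"CDN.Example.net","host":"cdn.example.net:443"}
{"ts":"2023-02-11T10:00:04Z","src":"10.0.0.9","sni":"","host":"static.example.com"}
{"ts":"2023-02-11T10:00:05Z","src":"10.0.0.9","sni":"img.example.com","host":"static.example.com"}
"""

def normalize(name):
    """Lowercase, drop an optional :port and a trailing dot."""
    name = name.strip().lower()
    if name.startswith("["):              # IPv6 literal such as [2001:db8::1]:443
        return name[1:name.find("]")]
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit():
        name = host
    return name.rstrip(".")

def site(name):
    """Naive registrable domain: the last two labels (assumption; a real
    deployment would consult the Public Suffix List)."""
    return ".".join(name.split(".")[-2:])

def classify(sni, host):
    """Compare the name the TLS handshake shows with the name the request routes on."""
    sni, host = normalize(sni), normalize(host)
    if not sni:
        return "no-sni"                   # nothing to compare against
    if sni == host:
        return "match"
    if site(sni) == site(host):
        return "same-site"                # HTTP/2 connection reuse across sibling hosts
    return "mismatch"                     # fronting candidate: review, do not auto-block

def find_fronting_candidates(log_text):
    """Return (ts, src, sni, host) for every record whose SNI and Host disagree."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        if classify(rec.get("sni", ""), rec.get("host", "")) == "mismatch":
            hits.append((rec["ts"], rec["src"], rec["sni"], rec["host"]))
    return hits

if __name__ == "__main__":
    for hit in find_fronting_candidates(SAMPLE_LOG):
        print("SNI/Host mismatch:", *hit)
```

A mismatch is a lead rather than a verdict, since shared hosting platforms serve many unrelated names from one front end; baseline the pairs seen in normal traffic before alerting on new ones.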
References
1. Red Team Infrastructure Wiki, https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki#domain-fronting.
2. Domain Fronting Via Cloudfront Alternate Domains, https://www.mdsec.co.uk/2017/02/domain-fronting-via-cloudfront-alternate-domains/.
3. High-reputation Redirectors and Domain Fronting, https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-fronting/.
4. Finding Frontable Domains, https://github.com/rvrsh3ll/FindFrontableDomains.




Key Chapter Takeaways
Engagement execution involves all efforts from the end of planning to the start of culmination and reporting, including the build-out of infrastructure. The execution phase is simply the practical application of the "why" and "how" from planning.
Also remember:

Good tradecraft is more valuable than any individual capability

Sometimes the best way to exploit a system is to avoid using exploits

A detailed C2 plan and defined infrastructure can be the difference between a successful and unsuccessful engagement

Tools are enablers, nothing more

Know your tools and when to (or when not to) execute them

Ensure you understand why a tool is executed, what it does, and what indicators (or artifacts) it provides!

Log, log, log!


Homework
1. Expand the data handling guide to include data repository and storage guidelines.
2. Develop a data collection process and workflow for operators. Consider manual and automated collection options.
3. Develop a tradecraft guidance guide.
4. Develop a standard toolbox. Note this is recommended but optional.
5. Develop a command and control architecture and C2 deployment plan.


