Jason Doelger

Security Consultant, Attack and Penetration

Jason Doelger is a consultant for Optiv’s attack and penetration practice. He has a background in red team infrastructure deployment and targeted attack tactics. His current research focus involves evading malicious network activity detection measures.

 

Escape and Evasion Egressing Restricted Networks – Part 2

By Mike Hodges, Jason Doelger, Curtis Fechner, Brian Payne

Attackers and security assessors alike are using a technique called domain fronting, which masks malicious command and control (C2) traffic. This blog post revisits this type of evasive offensive cyber operation, which we first covered in a previous post. In this follow-up, we will discuss and demonstrate a nuance to domain fronting that establishes C2 channels directly to inbox.google.com as well as other *.google.com applications; the C2 channel is even encrypted with the legitimate Google SSL certificate for that application. We'll also share some detection techniques that can be employed to identify this type of malicious traffic.
