Ghost Calls: Abusing Web Conferencing for Covert Command & Control (Part 2 of 2)

Ghost Calls

In part one, we discussed the architecture of web conferencing applications, with a specific focus on Zoom’s architecture to support web conferencing at a massive global scale. Part two will discuss the approach we developed to support tunneling traffic through Zoom and Microsoft Teams using the TURN protocol. Let’s start with a quick recap of […]

Ghost Calls: Abusing Web Conferencing for Covert Command & Control (Part 1 of 2)

Ghost Calls

In the middle of a particularly tight red team engagement, we hit a familiar wall. Our long-term implant was rock solid—quiet, persistent, and thoroughly under the radar. But when it came time to pivot into something more interactive—proxy traffic, tunnel HVNC, relay NTLM—we started running into limits. The channel that worked so well for low-and-slow […]