Reading through my weekly security news and stumbled on a about using Google Workspace's Drive and Sheets (formerly G-Suite) to communicate and exfiltrate information natively Drive and Sheets. Bleepingcomputer article Please note this article and its contents are for educational purposes only. By explaining tactics used by hackers, I hope only to further enable security professionals to better protect themselves and their companies. Disclaimer: I thought this was a clever project because: You do not have to set up any particular domains, servers as most C2 frameworks do. (And many defense tools maintain a dynamic list of  malicious domains, IPs, etc). This doesn't use common C2 and red team frameworks, such as Cobalt Strike, SilverC2, or Brute Ratel. This program and traffic only interact with Google's domains (*.google.com) to make detection more difficult for tools. A smart tool would be able to identify the malicious commands being executed. A caveat: EDR In this small video, I will be setting up this project and testing the viability of this project, which basically means me pulling this repository and typing commands. You are welcome to follow along with the video tutorial if you would like. I will be using a rudimentary Ubuntu 20.04 host on Digital Ocean as a simulation of my victim machine. that this would be an executable the attacker would deploy on a machine post compromise. NOTE And even though there are caveats, as there often are, the recent use of GC2 by APT41 which is a suspected Chinese state-sponsored hacking group means this tool is being used out in the wild. Take a look at the video for more information on my experience. https://youtu.be/pLfuZnLcR1o?embedable=true&transcript=true What did you think of this guide? Let me know your questions in the comments below. This article was part of where we share the best tech content that YouTube has to offer. HackerNoon’s YouTuber series If you want to see more from this series, check it out here.

The best videos on the Internet archived and shared on HackerNoon.

Walkthroughs, tutorials, guides, and tips. This story will teach you how to do something new or how to do something better.

How Hackers Host C2 Servers on Google Infrastructure (Google Sheets & Drive)

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

How to Build a Self-Hosted Password Vault: A Step-by-Step Guide

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

How to Build a Self-Hosted Password Vault: A Step-by-Step Guide

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps