Report an incident
Customer Portal
← Back to Labs
← Volver a Labs
Medium
CyberCrime, Malware
Command and Control, Defense Evasion, Execution
Cloud

When Malicious Traffic Blends In: Trojan-Proxies Leveraging DNS Over HTTPS for Stealth

Protocol tunneling enables malware and threat actors to stealthily communicate with their command-and-control (C2) servers by encapsulating malicious traffic within legitimate protocols, helping evade detection. In the past few months, we have detected several weaponized software with a trojan-proxy capable of solving C2 server via DoH (DNS over HTTPS) making malicious traffic indistinguishable from legitimate HTTPS web traffic.

Download PDF

labs correlati

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation
Medium
Bypass
Privilege Escalation
Sysmon, Windows

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation

Learn more
BlueHammer windows Zero-Day
Medium
Bypass
Privilege Escalation
EDR, Sysmon, Windows

BlueHammer windows Zero-Day

Learn more
Weaponizing Windows Toast Notifications Abuse of ToastNotify.exe for Phishing and Credential Coercion
Medium
Bypass
Defense Evasion
EDR, Sysmon, Windows

Weaponizing Windows Toast Notifications: Abuse of ToastNotify.exe for Phishing and Credential Coercion

Learn more
1 2 3 12

Contacts

Get in touch with us

Contact Us
Sorint.SEC
Via dell'Artigianato,
24046 Osio Sotto BG
Italy


+39 035 0510401
info@sec.sorint.it
Pages
Services
Certifications
chevron-right