As modern security defenses evolve, attackers continue to leverage legitimate cloud services for command-and-control (C2) communication, effectively bypassing traditional network detection systems. This talk presents original research into the abuse of lesser-known free cloud APIs such as GitHub Gists, Telegram Bot API, Discord Webhooks, and Google Apps Script for stealthy malware communication. Unlike well-documented abuses of Google Drive or Dropbox, our study explores new, unmonitored attack surfaces that can be exploited by adversaries while remaining under the radar of enterprise security monitoring tools.

Key topics of my talk:
Techniques for establishing C2 channels using free cloud services.
Encryption and obfuscation strategies to evade EDR/ML-based detection.
Case studies demonstrating real-world proof-of-concepts (PoC) of API abuse.
Recommendations for mitigating risks and detecting malicious API-based C2 activity.

Traditional C2 detection methods focus on recognizing known malware signatures or anomalous network traffic. However, API-based C2 channels blend seamlessly into normal cloud service usage, making them exceptionally difficult to detect. This talk will provide defenders with insight into how attackers exploit these mechanisms and offer practical countermeasures to strengthen security postures against emerging threats.

Target Audience:

Red Teamers, Ethical Hackers, and Penetration Testers
SOC Analysts and Threat Hunters
Incident Responders and Security Engineers