Trusted Binaries in Cybersecurity Discussed at BSides London 2024
Leveraging Trusted Binaries for Adversarial Techniques in Cybersecurity. At BSides London 2024, a presentation detailed methods for using trusted binaries, such as Cloudflare's 'cloudflared' and OpenSSH, to bypass security controls like EDRs and firewalls. The talk emphasized techniques for tunneling traffic and executing commands without relying on pre-installed SSH clients, showcasing a "double tunnel" method that operates over port 443 for added stealth. Key strategies included monitoring for suspicious use of these binaries and implementing defensive measures such as process telemetry and DNS logging to detect potential threats. The discussion highlighted the importance of understanding these techniques in order to strengthen defenses against adversarial use of trusted binaries.
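As an added illustration of the defensive side the talk describes (process telemetry plus DNS logging), and not code from the presentation itself, the following script flags cloudflared execution, ssh invocations with port-forwarding flags, and DNS queries to tunnel endpoints, then correlates them per host. The log lines are constructed samples, and the choice of argotunnel.com as the tunnel domain to watch is an assumption to adjust for your environment.

```python
import json
import os
import re
from collections import defaultdict

# Constructed sample process telemetry (not real data): one JSON event per line.
PROCESS_EVENTS = """
{"host":"ws-01","pid":4101,"image":"/tmp/cloudflared","cmdline":"cloudflared tunnel run"}
{"host":"ws-01","pid":4102,"image":"/usr/bin/ssh","cmdline":"ssh -N -R 2222:localhost:22 -p 443 relay.example"}
{"host":"ws-02","pid":512,"image":"/usr/bin/ssh","cmdline":"ssh git@github.com"}
""".strip().splitlines()

# Constructed sample DNS log (not real data): "<host> <queried name>" per line.
DNS_LOG = """
ws-01 region1.v2.argotunnel.com
ws-02 github.com
ws-03 example-tunnel.argotunnel.com
""".strip().splitlines()

# ssh flags that set up local (-L), remote (-R), dynamic (-D) or stdio (-W) forwarding.
SSH_FORWARD_FLAGS = re.compile(r"(^|\s)-[RLDW]\b")
# Assumption: names under this domain indicate a cloudflared connector; tune per environment.
TUNNEL_DOMAINS = ("argotunnel.com",)

def process_findings(events):
    """Return (host, reason) for cloudflared launches and ssh runs with forwarding flags."""
    findings = []
    for line in events:
        ev = json.loads(line)
        name = os.path.basename(ev["image"])
        if name.startswith("cloudflared"):
            findings.append((ev["host"], "cloudflared executed: " + ev["cmdline"]))
        elif name.startswith("ssh") and SSH_FORWARD_FLAGS.search(ev["cmdline"]):
            findings.append((ev["host"], "ssh port forwarding: " + ev["cmdline"]))
    return findings

def dns_findings(lines):
    """Return (host, reason) for queries that resolve a tunnel endpoint domain."""
    findings = []
    for line in lines:
        host, query = line.split()
        if any(query == d or query.endswith("." + d) for d in TUNNEL_DOMAINS):
            findings.append((host, "DNS query to tunnel endpoint: " + query))
    return findings

def correlate(events, dns_lines):
    """Group findings per host; more than one independent signal raises severity to high."""
    by_host = defaultdict(list)
    for host, reason in process_findings(events) + dns_findings(dns_lines):
        by_host[host].append(reason)
    return {h: ("high" if len(r) > 1 else "medium", r) for h, r in by_host.items()}

if __name__ == "__main__":
    for host, (severity, reasons) in correlate(PROCESS_EVENTS, DNS_LOG).items():
        print(host, severity, reasons)
```

A host such as ws-01 above, showing cloudflared, an ssh reverse forward over port 443 and a tunnel DNS lookup together, is the kind of combined signal the "double tunnel" setup would leave behind.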
