by poisonbug 1313 days ago
The issue isn't with phishing. The issue is with threat actors using domain fronting as a network masquerading technique when having command and control traffic call back to Cobalt Strike servers. You can use domain fronting to look like it's heading back to legitimate sources such as Microsoft, but unless the corporation is doing SSL termination on the endpoints, it's impossible to determine the exact destination.

Azure originally started on this path in 2021: https://www.microsoft.com/en-us/security/blog/2021/03/26/sec...

Working in the pentest/red team field, I've seen various providers ban consulting companies and red teams from using domain fronting -- however, this doesn't stop the threat actors.
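
What SSL termination makes visible, as an added example that is not part of the original comment: once a proxy decrypts the session, the outer TLS SNI can be compared with the inner HTTP Host header, and fronted traffic shows up as a mismatch between the two. The log field names (`src`, `sni`, `host`) and the sample records are constructed assumptions, not a real product's schema.

```python
import json

# Constructed sample records from a TLS-terminating proxy. The field names
# (src, sni, host) are assumptions, not a real product's log schema.
SAMPLE_LOG = """\
{"src": "10.0.0.5", "sni": "www.example.com", "host": "www.example.com"}
{"src": "10.0.0.7", "sni": "cdn.example.net", "host": "CDN.example.net:443"}
{"src": "10.0.0.9", "sni": "allowed.example.org", "host": "hidden.example.org"}
{"src": "10.0.0.9", "sni": "", "host": "hidden.example.org"}
"""

def normalise(name):
    """Lowercase a hostname, drop a trailing dot and any :port suffix."""
    name = (name or "").strip().lower()
    if name.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        return name[1:name.find("]")] if "]" in name else name
    if name.count(":") == 1:            # host:port
        name = name.split(":", 1)[0]
    return name.rstrip(".")

def find_mismatches(log_text):
    """Return records whose outer TLS SNI differs from the inner HTTP Host."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        sni, host = normalise(rec.get("sni")), normalise(rec.get("host"))
        if not sni:
            reason = "SNI absent"       # nothing to compare; reported separately
        elif sni != host:
            reason = "SNI/Host mismatch"
        else:
            continue
        hits.append({"src": rec.get("src"), "sni": sni, "host": host, "reason": reason})
    return hits

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_LOG):
        print(hit)
```

Without termination the proxy only ever sees the `sni` value, so none of these records could be flagged.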