C2 With Python, PowerShell, and Favicons

As I was leisurely browsing the web recently, I saw the icon for a website pop up on one of my tabs and an idea popped into my head — the favicon is such a common thing to see in packet captures and the like that it would surely be overlooked as a potential vector for C2 of malware. There may be people doing this already; I’m not saying it’s a completely groundbreaking idea, but merely another tool to stick in the toolbox, as I am always trying to adapt and find new ways of doing things. Python makes this task very trivial too, so I decided to whip up some code to see how well it would work out.

Having spent time during CTFs utilizing the Python Imaging Library to create / read images, I knew the creation of the PNG file would be the easy part. A simple implementation could be the following:


