Andy has over eight years of experience in the security industry with a focus on identity, cloud, and mobility. He has architected privileged security solutions for Fortune 100 companies and advised customers on overall identity strategy. Andy received his BS in Electrical Engineering from Georgia Tech and currently serves as a Regional Director on the CyberArk Systems Engineering team.
Using Domain Fronting to Abuse Content Delivery Networks
This presentation will show a new technique for domain fronting, which enables attackers to abuse Content Delivery Networks (CDNs) to mask malware command and control (C2) traffic. While many CDNs are potentially impacted, Akamai is one of the largest. During our research we identified tens of thousands of high-reputation domains served by Akamai’s CDN that can be used for domain fronting. This research demonstrates a new technique for hiding a C2 channel completely within a CDN. We will show PoC tools that utilize this technique.