AWS provides services that help you create complex applications with increased flexibility, scalability and reliability, sufficient processing power, storage for databases, delivery and other functionality.
A group of researchers developed a way to use the AWS API Amazon. A reliable malicious channel was created through the use of Cobalt Strike specifications “ExternalC2”. To summarize, blue teams have a variety of techniques at their disposal to block and detect malwares. By utilizing AWS API services – particularly S3 buckets – as the C2 source, we can be assured the domain will be live in all environments and subvert the prevention / detection techniques.
You can get acquainted with the details in Dwight Hohnstein’s article. This article demonstrates how to bypass several network security tools.
