
1d8 / publications

submitted by
Style Pass
2021-06-17 09:00:02

There have been many attacks in which attackers abuse legitimate web applications and use them as a command and control server in order to evade detection.

This has been seen in malware that abuses Dropbox for command and control, and in malware that abuses Discord for command and control of victims.

There have also been instances in which legitimate web applications have been used for payload delivery, such as in this proof of concept that uses Spotify.

In this blog post, we'll be using the API of the project management tool Monday.com as a command and control server in order to interact with a victim computer. We will refer to our victim computer as a 'bot'. Interaction will include:

Monday.com has boards, which can be seen simply as sub-workspaces within a workspace. Each board has a board ID, which is the last part of the URL when you click a board:

Within each board, you have groups, and within these groups will be items. These items will be used to issue commands to our bots. The items will be named according to the command we wish to specify.
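From the defender's side, a bot that reads commands from board items has to keep asking the API for them. The following is an added example, not code from the original post: it scans proxy logs for clients that call the Monday.com API host at a near-fixed interval. The log format, the sample lines, the function name and the thresholds are all constructed for illustration, and it assumes the bot checks on a fixed timer, which the post does not state.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not from the original post).
# Fields: timestamp|client IP|user agent|method|host|path
SAMPLE_LOG = """\
2021-06-17T09:00:00|10.0.0.5|python-requests/2.25.1|POST|api.monday.com|/v2
2021-06-17T09:01:00|10.0.0.5|python-requests/2.25.1|POST|api.monday.com|/v2
2021-06-17T09:02:01|10.0.0.5|python-requests/2.25.1|POST|api.monday.com|/v2
2021-06-17T09:03:00|10.0.0.5|python-requests/2.25.1|POST|api.monday.com|/v2
2021-06-17T09:04:00|10.0.0.5|python-requests/2.25.1|POST|api.monday.com|/v2
2021-06-17T09:00:10|10.0.0.9|Mozilla/5.0 Chrome/91.0|POST|api.monday.com|/v2
2021-06-17T09:00:12|10.0.0.9|Mozilla/5.0 Chrome/91.0|POST|api.monday.com|/v2
2021-06-17T09:17:40|10.0.0.9|Mozilla/5.0 Chrome/91.0|POST|api.monday.com|/v2
2021-06-17T09:18:05|10.0.0.9|Mozilla/5.0 Chrome/91.0|POST|api.monday.com|/v2
2021-06-17T10:02:00|10.0.0.9|Mozilla/5.0 Chrome/91.0|POST|api.monday.com|/v2
2021-06-17T09:00:30|10.0.0.7|curl/7.68.0|GET|example.com|/
"""

API_HOST = "api.monday.com"  # host of Monday.com's public API


def find_regular_pollers(log_text, host=API_HOST, min_requests=5, max_cv=0.1):
    """Return {client_ip: mean_gap_seconds} for clients that hit `host`
    at a near-constant interval (low coefficient of variation)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split("|")
        if len(fields) != 6 or fields[4] != host:
            continue  # skip malformed lines and other destinations
        times[fields[1]].append(datetime.fromisoformat(fields[0]))

    suspects = {}
    for client, stamps in times.items():
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Human use is bursty; a timer-driven client has nearly equal gaps.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            suspects[client] = round(avg, 1)
    return suspects


if __name__ == "__main__":
    print(find_regular_pollers(SAMPLE_LOG))
```

A client that adds random jitter to its timer will slip past a tight `max_cv`, so treat a hit as a lead to correlate with the originating process on the host rather than as a verdict.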
