In the 21st century, cyber-based attackers such as advanced persistent threats are leveraging bots in the form of botnets to conduct a plethora of cyber-attacks. While several social engineering techniques are used to get targets to unknowingly download these bots, it is the command-and-control techniques that advanced persistent threats use to control their bots that are of critical interest to the author. In this research paper, the author aims to develop a command-and-control microservice application programming interface (API) infrastructure to facilitate botnet command-and-control attack simulations. To achieve this, the author will develop a simple skeletal bot framework, utilize the latest API development frameworks, and simulate 2 types of malicious cyber-attacks: data exfiltration and data encryption. The author recognizes the need for quantitative data aggregation on the performance of the API and the malicious bots, and will design and develop a system to achieve this goal as part of their future work.
Nguyễn, T. H. (2022). C2 Microservices API: CH4RL3SCH4L3M4GN3 [Unpublished manuscript]. School of Computer Science & Engineering, Sacred Heart University.