<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>C2 on Prepakis Georgios | Kernelstub | Security Researcher</title><link>https://blog.kernelstub.dev/tags/c2/</link><description>Recent content in C2 on Prepakis Georgios | Kernelstub | Security Researcher</description><generator>Hugo</generator><language>en-US</language><lastBuildDate>Fri, 04 Oct 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://blog.kernelstub.dev/tags/c2/index.xml" rel="self" type="application/rss+xml"/><item><title>Domain Generation Algorithms and Automatic Domain Registration in C2</title><link>https://blog.kernelstub.dev/posts/domain-generation-algorithms-and-automatic-domain-registration-in-c2/</link><pubDate>Fri, 04 Oct 2024 00:00:00 +0000</pubDate><guid>https://blog.kernelstub.dev/posts/domain-generation-algorithms-and-automatic-domain-registration-in-c2/</guid><description>&lt;h2 id="what-is-a-domain-generation-algorithm-dga"&gt;What Is a Domain Generation Algorithm (DGA)?&lt;/h2&gt;
&lt;p&gt;If you&amp;rsquo;re running a botnet, you have a problem: your infected hosts need a way to phone home, but the moment defenders find your command and control (C2) domain, they blocklist it, sinkhole it, or hand it to a takedown request, and your whole fleet goes dark at once. A single hardcoded IP or domain baked into your malware is a single point of failure, and it&amp;rsquo;s the first thing an incident responder goes looking for when they pull apart a sample in a sandbox.&lt;/p&gt;</description></item></channel></rss>