1d8 / publications

CVE/Research Publications


monday-cnc follow-up

kittrCZ opened this issue · comments

commented

Really liked your blogpost on using Monday as CnC. 👍

Do you still plan to expand the blog post? Do you have some similar examples to this? I feel like this is a pretty common problem; what would you recommend service providers do to prevent attackers from abusing their services for similar attacks?

commented

Hi! I appreciate your feedback!

Currently, I do not plan on expanding the blog post but I do indeed have similar examples! Pretty much anything that you can use to upload text and links could be used as a command & control server. For example, a blog site in which blog posts host different commands can be used, and the comment section could then be used in order to receive data back from a victim's computer.

Another example would be Soundcloud! I was initially going to use this platform but unfortunately they are no longer processing API applications. My thought process was using the song's metadata tags as a way to send commands out and using comments as a way to receive data back.

As far as preventing this type of thing from happening, I believe that it's quite difficult because all it takes is a way to post data and receive data back.

EDIT: I believe that one way to detect this from a victim standpoint would be to investigate any unusual traffic. For example, if an employee doesn't normally use a service such as Soundcloud and then all of a sudden they are making GET and POST requests to its API, it may be deemed suspicious and require further investigation.
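The detection idea in the EDIT above (a user who never touched a service suddenly issuing GET and POST requests to its API) can be turned into a simple baseline-and-anomaly check over proxy logs. The following is an added example written for this thread, not code from the issue, the blog post, or the 1d8/publications repository. The log format, the user names, the hosts and the cutoff date are all constructed; the only real-world assumption is that your proxy or egress logs record the user, HTTP method, destination host and path for each request.

```python
"""First-seen SaaS API usage per user, built from proxy log lines.

Added example for the detection approach described in the comment above.
The log format and all sample data below are constructed for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed proxy log lines (hypothetical format):
#   <timestamp> <user> <method> <host> <path> <status>
SAMPLE_LOG = """\
2024-03-01T09:00:12Z alice GET  mail.example.com   /inbox               200
2024-03-01T09:05:44Z alice GET  wiki.example.com   /page/onboarding     200
2024-03-01T10:20:01Z bob   GET  api.soundcloud.com /tracks/123          200
2024-03-02T08:55:10Z alice GET  mail.example.com   /inbox               200
2024-03-02T11:02:33Z bob   POST api.soundcloud.com /tracks/123/comments 201
2024-03-03T14:10:05Z alice GET  api.soundcloud.com /tracks/987          200
2024-03-03T14:10:07Z alice POST api.soundcloud.com /tracks/987/comments 201
2024-03-03T14:15:20Z alice GET  api.soundcloud.com /tracks/987          200
2024-03-03T14:15:22Z alice POST api.soundcloud.com /tracks/987/comments 201
"""


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, method, host, path, status = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "method": method.upper(),
            "host": host.lower(),
            "path": path,
            "status": int(status),
        })
    return events


def is_api_like(event):
    """Heuristic: API hosts/paths are where command polling and data
    exfiltration over a SaaS service would show up."""
    return event["host"].startswith("api.") or event["path"].startswith("/api/")


def build_baseline(events, cutoff):
    """Set of (user, host) pairs observed before the cutoff, i.e. 'normal'."""
    return {(e["user"], e["host"]) for e in events if e["ts"] < cutoff}


def find_new_api_usage(events, cutoff):
    """Flag (user, host) pairs first seen at or after the cutoff where the
    traffic looks like API use (API-like host/path, or any POST at all).
    Returns one alert per pair with the method counts, so an analyst can see
    the GET (fetch commands) / POST (send data back) pattern at a glance."""
    baseline = build_baseline(events, cutoff)
    grouped = defaultdict(list)
    for e in events:
        if e["ts"] >= cutoff and (e["user"], e["host"]) not in baseline:
            grouped[(e["user"], e["host"])].append(e)

    alerts = []
    for (user, host), evs in sorted(grouped.items()):
        suspicious = any(is_api_like(e) or e["method"] == "POST" for e in evs)
        if not suspicious:
            continue
        alerts.append({
            "user": user,
            "host": host,
            "first_seen": min(e["ts"] for e in evs),
            "methods": dict(Counter(e["method"] for e in evs)),
            "requests": len(evs),
        })
    return alerts


if __name__ == "__main__":
    # Everything before 2024-03-03 is treated as the learning window.
    for alert in find_new_api_usage(parse_log(SAMPLE_LOG), datetime(2024, 3, 3)):
        print(f"{alert['user']} -> {alert['host']} first seen {alert['first_seen']}: "
              f"{alert['requests']} requests, methods {alert['methods']}")
```

In the sample, bob already used the Soundcloud API during the learning window, so his traffic is part of the baseline and is not flagged; alice never did, and her alternating GET/POST requests to the same API host are reported. In practice the learning window should be long enough to cover legitimate but infrequent use, and the alert should feed a triage step rather than block traffic on its own.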