Showing posts from November, 2019

Ridiculous ways of controlling a computer remotely part 1: Telegram

So, recently I heard about a virus that exfiltrates data via Telegram, and it got me thinking. What if you could use Telegram for a reverse shell? What other ways are there in which you could do this? And I feel like I've come up with pretty good answers to each of these questions.

Telegram

Possibly the only kind of useful thing on this list, thanks to the fact that Telegram is encrypted end-to-end (meaning that it is very difficult to glean info on what is being sent or received), the fact that it is a relatively innocuous and widely used messaging app, and the fact that it is relatively anonymous. However, there are some things which make the jobs of blue teams everywhere a little bit easier. It's not completely anonymous, as you need a phone number to sign up, and the phone number needs to be verified. This fact alone would make this a rather silly idea for people in countries that care, because once that SIM connects, your government gets a decent idea of where you are. However,