Abusing Google Apps: Google is my Command and Control Center

This talk is about abusing Google Apps to implement various attacks that range from Hostless Phishing to setting up a Botnet’s Command & Control Center. In this talk I will demonstrate the implementation of Hostless Phishing, the rebirth of age-old e-mail bombing, and finally the implementation of a cross-platform (Windows, Linux, Mac) bot in Python that uses Google Apps as its C&C. The Bot and C&C communication is done via Layer 7. The Botnet’s commands and responses are encrypted with Google’s own SSL connection.

This talk will give the audience an idea of how innocent Google services can be abused by an attacker.

Ajin Abraham is an Information Security Researcher. He is the creator of OWASP Xenotix XSS Exploit Framework. He is a strong supporter of Free & Open Information Security Education. He runs a successful DEFCON Chapter in Kerala.

His areas of interest include web app & stand-alone app security and coding tools. He has been invited to speak at multiple security conferences like DEFCON Bangalore, ClubHack, nullcon Goa, OWASP AppSec AsiaPac 2013, BlackHat Europe 2013, Hackmiami 2013, Confidence 2013, BlackHat US 2013 and G0S 2013.