You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
c2 tunneling
About this tag
C2 tunneling refers to techniques that hide command-and-control traffic inside legitimate network protocols to evade detection. On WindowsForum.com, discussions cover how attackers repurpose Microsoft Teams and Zoom's TURN infrastructure to tunnel C2 traffic, a method called Ghost Calls. This post-exploitation tactic uses temporary TURN credentials from meeting joins to route attacker traffic through trusted media relays, blending with WebRTC flows to bypass firewalls, proxies, and TLS inspection. The tag covers enterprise defense challenges, detection strategies, and the abuse of collaboration platforms for covert channels, relevant for IT security professionals managing Windows environments.
Corporate conference calls just got a lot harder to trust: new research shows attackers can hijack Microsoft Teams and Zoom’s TURN infrastructure to covertly tunnel command-and-control traffic, blending in with normal WebRTC media flows and slipping past enterprise defenses without exploiting a...