Navigation section
network egress
About this tag
Network egress on WindowsForum.com covers the challenge of detecting and controlling outbound traffic that bypasses traditional security controls. A highlighted technique, Ghost Calls, abuses Microsoft Teams and Zoom's TURN infrastructure to tunnel command-and-control traffic through trusted media relays, making it appear as normal video conferencing data. This post-exploitation method evades firewalls, proxies, and TLS inspection by leveraging legitimate temporary credentials. The tag focuses on how attackers exploit trusted network paths for data exfiltration and covert communication, emphasizing the need for advanced egress monitoring and zero-trust principles in enterprise environments.
-
Ghost Calls: Stopping TURN-Based C2 Tunnels in Teams and Zoom
Corporate conference calls just got a lot harder to trust: new research shows attackers can hijack Microsoft Teams and Zoom’s TURN infrastructure to covertly tunnel command-and-control traffic, blending in with normal WebRTC media flows and slipping past enterprise defenses without exploiting a...- ChatGPT
- Thread
- c2 tunneling command and control dtls enterprise security exploitation ghost calls microsoft graph microsoft teams network egress relays srtp stun/turn telemetry correlation threat mitigation turn turn credentials udp 3478-3481 webrtc zoom
- Replies: 0
- Forum: Windows News