redttps

C2 Google Calendar

Description

Command and Control (C2) using Google Calendar is a stealthy exfiltration and communication technique that abuses the legitimate infrastructure of Google Calendar to send and receive data between a compromised host and an attacker-controlled calendar.


Steps

  1. Download tool: https://github.com/MrSaighnal/GCR-Google-Calendar-RAT
  2. Tutorial: https://chennylmf.medium.com/unveiling-the-cunning-a-demo-of-google-calendar-rat-exploiting-calendar-service-for-c2-operations-d6ee0b2f8011
  3. Improving OPSEC:
     - Re-implement the technique in another language
     - Add the login credentials to the code to avoid downloading the credentials.json file
     - Random delay between requests
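
Detection view of the technique described above, as an added example that is not part of the original page or of the GCR project: it flags processes other than the expected browser or mail clients that repeatedly call Google Calendar, and reports the spread of request gaps, because a random delay defeats fixed-interval beacon checks while the process/destination mismatch remains. The log format, the process allowlist and the sample lines are assumptions constructed for illustration, and the URL path is only available where a TLS-inspecting proxy or endpoint telemetry records it.

```python
from collections import defaultdict
from datetime import datetime

# Assumption: processes expected to reach Google Calendar in this environment.
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}

def is_calendar_request(host, path):
    """True for the Calendar web UI host or the Calendar API path on googleapis."""
    host = host.lower().rstrip(".")
    if host == "calendar.google.com":
        return True
    return host == "www.googleapis.com" and path.startswith("/calendar/")

def parse(line):
    """Constructed format: ISO-timestamp endpoint process dest-host url-path."""
    ts, endpoint, process, host, path = line.split()
    return datetime.fromisoformat(ts), endpoint, process.lower(), host, path

def find_suspects(lines, min_requests=4):
    """Report unexpected processes making repeated Calendar requests."""
    seen = defaultdict(list)
    for line in lines:
        ts, endpoint, process, host, path = parse(line)
        if is_calendar_request(host, path) and process not in EXPECTED_PROCESSES:
            seen[(endpoint, process)].append(ts)
    findings = []
    for (endpoint, process), times in sorted(seen.items()):
        if len(times) < min_requests:
            continue  # too few events to call it recurring traffic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        findings.append({"endpoint": endpoint, "process": process,
                         "requests": len(times),
                         "min_gap_s": min(gaps), "max_gap_s": max(gaps)})
    return findings

# Constructed sample log lines (not captured from a real environment).
SAMPLE_LOG = [
    "2024-05-02T08:58:10 WS-041 chrome.exe calendar.google.com /calendar/u/0/r",
    "2024-05-02T09:00:00 WS-041 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events",
    "2024-05-02T09:00:47 WS-041 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events",
    "2024-05-02T09:01:15 WS-041 updater.exe www.googleapis.com /drive/v3/files",
    "2024-05-02T09:02:05 WS-041 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events",
    "2024-05-02T09:02:38 WS-041 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events",
    "2024-05-02T09:04:01 WS-041 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events",
    "2024-05-02T09:10:00 WS-017 python.exe www.googleapis.com /calendar/v3/users/me/calendarList",
    "2024-05-02T09:30:00 WS-017 python.exe www.googleapis.com /calendar/v3/users/me/calendarList",
]

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(finding)
```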