Level: Technical
Abstract:
How do threat actors build sophisticated, anonymous attack infrastructure for less than $10? This presentation demonstrates the complete attack chain using only legitimate services (Namecheap, Cloudflare Zero Trust, and cryptocurrency) to create credible phishing campaigns with persistent remote access.
The Attack Chain ($6.98 + fees):
Modern attackers don’t need expensive infrastructure. By leveraging “Living off the Land” techniques with trusted cloud services, they can:
- Purchase legitimate domains anonymously via Bitcoin
- Create professional email infrastructure that bypasses spam filters
- Establish encrypted tunnels through Cloudflare’s CDN (evading firewall detection)
- Maintain persistent SSH access through trusted network traffic
- Launch convincing spear-phishing campaigns
Technical Deep Dive:
This talk walks through each phase with live demonstrations and code examples:
- Domain Acquisition: Namecheap registration with Bitcoin, DNS configuration (SPF/DKIM/DMARC)
- Cloudflare Zero Trust Exploitation: Importing domains, creating tunnels, establishing encrypted C2 channels
- Persistent Access: Configuring cloudflared daemon, SSH key deployment, automatic reconnection
- Phishing Delivery: Social engineering tactics, bash script delivery, full kill chain demonstration
Why This Matters:
These techniques evade traditional security controls because they:
- Use trusted services (Cloudflare, legitimate domains) that bypass most detection
- Require minimal technical skill and investment (<$10)
- Scale easily across multiple campaigns
- Provide reliable, long-lasting access channels
- Offer strong anonymity through crypto and legitimate infrastructure
Defensive Focus:
While demonstrating offensive techniques, this talk emphasizes practical defense strategies:
- Detection methods for malicious use of legitimate services
- Monitoring unusual Cloudflare tunnel activity
- Email security best practices for sophisticated phishing
- Network segmentation to limit compromise impact
- User awareness training based on real social engineering tactics
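One way to approach the tunnel-monitoring item above, as an added example that is not material from the talk: flag internal hosts that resolve cloudflared's tunnel names when they are not on an approved list. The log format, host names and allowlist are constructed for the example; the argotunnel.com names are the ones Cloudflare documents for cloudflared.

```python
import re
from collections import defaultdict

# cloudflared resolves names under this domain when it brings up a tunnel
# (region1.v2.argotunnel.com / region2.v2.argotunnel.com, edge port 7844).
TUNNEL_DOMAIN = "argotunnel.com"

# Constructed log format for this example: "<ts> client=<host> qname=<name> qtype=<type>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$"
)

# Constructed sample data; host names are hypothetical.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=edge-gw-01 qname=region1.v2.argotunnel.com qtype=A
2024-05-01T10:02:13Z client=ws-114 qname=_v2-origintunneld._tcp.argotunnel.com qtype=SRV
2024-05-01T10:02:14Z client=ws-114 qname=Region2.V2.argotunnel.com. qtype=A
2024-05-01T10:03:40Z client=ws-200 qname=www.example.com qtype=A
2024-05-01T10:04:02Z client=ws-201 qname=argotunnel.com.lookalike.example qtype=A
2024-05-01T10:04:09Z client=ws-202 qname=notargotunnel.com qtype=A
malformed line without fields
""".splitlines()

# Hosts where the organisation runs cloudflared on purpose (hypothetical).
APPROVED_TUNNEL_HOSTS = {"edge-gw-01"}


def is_tunnel_name(qname):
    """True only for the tunnel domain itself or a real subdomain of it."""
    name = qname.rstrip(".").lower()
    return name == TUNNEL_DOMAIN or name.endswith("." + TUNNEL_DOMAIN)


def find_unapproved_tunnel_hosts(lines, approved):
    """Map each non-approved client to the (timestamp, name) tunnel lookups it made."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip lines that do not fit the expected format
        if m["client"] in approved or not is_tunnel_name(m["qname"]):
            continue
        hits[m["client"]].append((m["ts"], m["qname"].rstrip(".").lower()))
    return dict(hits)


if __name__ == "__main__":
    for host, lookups in find_unapproved_tunnel_hosts(SAMPLE_LOG, APPROVED_TUNNEL_HOSTS).items():
        print(f"ALERT {host}: {len(lookups)} tunnel lookups, first at {lookups[0][0]}")
```

A DNS-only view misses clients that use an external resolver, so pair it with egress records for the tunnel port and with process inventory for the cloudflared binary.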
Target Audience:
- SOC analysts
- Threat intelligence researchers
- Penetration testers
- Incident responders
- Anyone interested in understanding modern, low-cost attack techniques and how to defend against them
Educational Purpose:
All demonstrations are conducted in isolated lab environments. This presentation aims to raise awareness and improve defensive capabilities, not to encourage malicious activity.
Bio:
Sérgio Costa is a Cyber Threat Intelligence Researcher at Axur. A veteran of the Brazilian Marine Corps, he holds the EC-COUNCIL CTIAv2 certification and graduated in Cyber Defense from FIAP. His research focuses on threat actor methodologies, counterintelligence, and offensive security techniques that help defenders understand and mitigate modern attacks.