DigitalOcean released a Platform-as-a-Service offering named Apps. The service is comparable to AWS Elastic Beanstalk and Azure App Services: the customer simply supplies code and leaves the backend setup to DO.
Cybercriminals increasingly look for ways to disguise their attack infrastructure behind well-known, trusted DNS domains that evade stringent domain-validation engines such as MS Defender for Office365 Safe Links, anti-spam domain-validation systems and others.
There are plenty of different publicly known ways to hide attacker infrastructures behind trusted domains, such as:
- Domain Fronting (via Azure CDN, StackPath CDN, etc)
- AWS Lambda, Azure Function & App Services, CloudFlare Workers redirectors
- Subdomain Hijacking
- Domain Borrowing
This Flask application acts as a reverse proxy, allowing us to host landing sites, phishing pages or even C2 communication through the https://your-application-name.ondigitalocean.app URL.
- Clone this repository to your own Github/Gitlab account: https://github.com/mgeeky/digitalocean-app-redirector.git
  After cloning it, edit `server.py` to set the Teamserver URL to which the redirector should redirect inbound requests.
- Click "Create App"
- Connect DigitalOcean with your Github
- Authorize DigitalOcean OAuth2 registration
- Select your repository back in DigitalOcean
- Change the Run command to the following and change the port to 443:
  ```
  waitress-serve --port 443 --call server:create_app
  ```
- Click "Next"
- Select a name for your application
- Pick the "Basic App" plan and change Basic Size to 5$/mo
- Click "Launch Basic App"
- Now wait :)
- Then you should have it: https://atr-test-1-6wx7u.ondigitalocean.app/
The resulting URL is the domain your implants use to egress from the compromised environment.
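Because the shared `ondigitalocean.app` domain is trusted by reputation, defenders have to look at traffic behaviour rather than the domain itself. The following is an added example, not part of this repository: it scans proxy logs for client/host pairs under that domain whose request intervals are near-constant. The log format, host names, addresses and thresholds are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (assumed format: "<ISO time> <client> <method> <url>").
SAMPLE_LOG = """\
2024-01-10T09:00:00 10.0.0.5 GET https://example-app-abc12.ondigitalocean.app/api/status
2024-01-10T09:01:00 10.0.0.5 GET https://example-app-abc12.ondigitalocean.app/api/status
2024-01-10T09:02:01 10.0.0.5 POST https://example-app-abc12.ondigitalocean.app/api/submit
2024-01-10T09:03:00 10.0.0.5 GET https://example-app-abc12.ondigitalocean.app/api/status
2024-01-10T09:04:00 10.0.0.5 GET https://example-app-abc12.ondigitalocean.app/api/status
2024-01-10T09:05:00 10.0.0.5 GET https://example-app-abc12.ondigitalocean.app/api/status
2024-01-10T09:00:10 10.0.0.9 GET https://docs-site-xyz99.ondigitalocean.app/
2024-01-10T09:00:12 10.0.0.9 GET https://docs-site-xyz99.ondigitalocean.app/style.css
2024-01-10T09:17:00 10.0.0.9 GET https://docs-site-xyz99.ondigitalocean.app/guide
2024-01-10T09:17:03 10.0.0.9 GET https://docs-site-xyz99.ondigitalocean.app/guide/img.png
2024-01-10T10:40:00 10.0.0.9 GET https://docs-site-xyz99.ondigitalocean.app/faq
"""

HOST_RE = re.compile(r"^https?://([^/:]+)", re.IGNORECASE)
SUFFIX = ".ondigitalocean.app"  # shared PaaS domain discussed above


def parse(line):
    """Split one log line into (timestamp, client, lower-cased host or None)."""
    ts, client, _method, url = line.split(maxsplit=3)
    m = HOST_RE.match(url)
    return datetime.fromisoformat(ts), client, m.group(1).lower() if m else None


def find_periodic(log_text, min_hits=5, max_jitter=0.2):
    """Map (client, host) -> mean gap in seconds for regular traffic to SUFFIX hosts."""
    seen = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, client, host = parse(line)
        if host and host.endswith(SUFFIX):
            seen[(client, host)].append(ts)
    flagged = {}
    for key, times in seen.items():
        if len(times) < min_hits:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Coefficient of variation: low value means near-constant intervals.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            flagged[key] = mean(gaps)
    return flagged
```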
This and other projects are the outcome of sleepless nights and plenty of hard work. If you like what I do and appreciate that I always give back to the community, consider buying me a coffee (or better, a beer) just to say thank you! 💪
Mariusz Banach / mgeeky, (@mariuszbit)
<mb [at] binary-offensive.com>