LOLC2: C2 via Legitimate Services
LOLC2 is a collection of legitimate services and how they can be used for command-and-control. The detection sections for Microsoft services are especially interesting (funny) to look at:
Microsoft SharePoint
C2 Projects:
- https://github.com/looCiprian/GC2-sheet
- https://github.com/RedSiege/GraphStrike
Detection:
- url: https://graph.microsoft.com/v1.0/sites//lists//items/
- url: https://graph.microsoft.com/v1.0/sites//lists/
Abusing Microsoft SharePoint for C2
Actors can upload malicious files or embed instructions in SharePoint lists, leveraging common document collaboration channels to hide C2 communications.
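The listed detection URLs are ordinary Graph endpoints, so a match on the URL alone fires on normal SharePoint use. As an added example (not code from LOLC2 or the linked projects), the sketch below pairs the URL match with two extra signals: an unexpected calling process and a near-constant polling interval. The log format, the process allowlist, the thresholds and all host and process names are assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# The two Graph endpoints listed under Detection, with any site/list identifier.
LIST_API = re.compile(r"^https://graph\.microsoft\.com/v1\.0/sites/[^/]+/lists(/|$)")

# Assumption: processes that normally call Graph in this environment.
EXPECTED_CLIENTS = {"msedge.exe", "teams.exe", "onedrive.exe", "excel.exe"}

ITEMS = "https://graph.microsoft.com/v1.0/sites/SITE-ID/lists/LIST-ID/items/"

def _rows(host, proc, offsets, url=ITEMS):
    """Build constructed log lines: epoch_seconds host process url."""
    return [f"{1700000000 + o} {host} {proc} {url}" for o in offsets]

# Constructed sample telemetry (host and process names are made up).
SAMPLE_LOG = "\n".join(
    _rows("ws-014", "msedge.exe", [5, 900])                        # expected client
    + _rows("ws-022", "updater.exe", [0, 60, 121, 180, 241, 300])  # steady ~60 s poll
    + _rows("ws-031", "python.exe", [0, 10, 400, 420, 3000])       # irregular script
    + _rows("ws-022", "updater.exe", [30], "https://graph.microsoft.com/v1.0/me")
)

def find_suspect_pollers(log_text, min_hits=5, max_jitter=0.2):
    """Return (host, process, hits, mean_gap_s) for unexpected processes that
    poll the SharePoint list endpoints at a near-constant interval."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, host, proc, url = parts
        if LIST_API.match(url) and proc.lower() not in EXPECTED_CLIENTS:
            hits[(host, proc.lower())].append(int(ts))
    suspects = []
    for (host, proc), times in sorted(hits.items()):
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) < max(min_hits, 2) or mean(gaps) == 0:
            continue
        # Coefficient of variation of the gaps: a low value means regular polling.
        if pstdev(gaps) / mean(gaps) <= max_jitter:
            suspects.append((host, proc, len(times), round(mean(gaps))))
    return suspects

if __name__ == "__main__":
    print(find_suspect_pollers(SAMPLE_LOG))
```

The allowlist and the jitter threshold need tuning against a baseline of real Graph traffic before this is used for alerting.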