For four years, a security company was able to track command and control (C&C) traffic generated by several well-known hacking groups thanks to a tiny anomaly in a penetration-testing tool. This news emerged in a write-up by Fox-IT, which described how in 2015 one of its researchers spotted a small ‘whitespace’ error in HTTP responses from the ‘beacon’ NanoHTTPD-based web server that can be implanted inside a target network as part of a tool called Cobalt Strike.
Read full news article on Naked Security