Now if you spend some time googling around the search terms "port knock backdoor" and "cd00r" eventually you will come across this mention of Turla using a cd00r variant.


Now Turla is not small fish in Black sea, they are big time russian apt. Kind of guys that get a bear named after them. And they've been around for fucking ever.


In fact, they are notable for having the sexiest C2 of all time, via hijacked satellite links. https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/

We've all gotta have our heros, yknow? (If anyone from Turla is reading this, I'd love some merch or we can do a jersey swap. Can't find a gift shop anywhere)

Does this mean that we can just get the cd00r backdoor running, change around a couple functions and BOOM we become an APT?

Of course not! But lets go make it happen.

Last modified: Thursday, 7 January 2021, 12:28 PM