LibOMG

Presented circa 2007, this talk introduced botnet command and control mechanisms that leveraged social media platforms—specifically Myspace and Facebook—as covert communication channels.

Overview

The project demonstrated an encoding/decoding scheme that disguised C2 commands as innocuous social media posts that appeared to be casual banter. This was SophSec's only public presentation, showcasing early research into using legitimate web platforms for covert communications before such techniques became mainstream in advanced persistent threat (APT) toolkits.

Key Concepts

• Social media platforms as C2 infrastructure
• Steganographic encoding of commands in social posts
• Evading detection by blending with normal user behavior
• Proof of concept: Myspace and Facebook integration

Resources

• Related Video
• Code: Archives to be recovered

Note: This talk was not recorded, but demonstrates early innovation in social media exploitation techniques.