One Part Steganography, Four Redirectors, and a Splash of C2!

Curtis Brazzell
9 min readSep 20, 2020


What do you get when you combine Google Images, QR Codes, and Remote Command Execution? This silly project of mine I’d like to share with you all, of course! Building off of my security research from my last couple of blogs, I decided to use my research using dynamic web content to proxy traffic over third party image providers, and try to find a valid bi-directional method for sending data between a NAT’d client and a public server. Alternatively put, I wanted to see if I could build my own crude Command and Control…

Curtis Brazzell

Passionate geek for Information/Cyber Security! I’m always learning and am happy to contribute anything I can share with the community. Follow me @ Twitter!