speaking of command and control servers, the best one you can get at the moment is to just use cryptocurrencies: plenty of available nodes to auto-discover, or just rely on explorers to query your own wallet. A deposit address can encode quite a bit of information since it's a pretty long address and definitely has enough bytes to encode commands.
I want to thank you and the other user (hobofan) for pointing out the use of crypto currencies as C2s. I do bioinformatics for a living, not infosec, so that's another fun little rabbit hole for me to go on...
Hey, I actually created something like this when I was once curious. It's called nanotimestamps.
I found it when I realized that nano had 0 fees, and I realized that by using a nano vanity address generator I can embed data into a series of transactions and then basically embed data into the chain (for free) since there are 0 gas fees.
Now, I created it as a way of getting timestamps of any data onto the chain, but you can embed any information and create c2c's on top of that.
There is also a way that I vibe coded once to embed data directly into the vanity address, so you can lose 10^-32 nano, or basically negligible, which is more efficient as well.
If you have any questions, I'd love to answer (also even if I like the tech, I think that crypto's fundamentally really really volatile and I prefer things like index funds being honest)
Cool! I wasn't aware of nano; your point about the gas fees is really compelling, as there's a lot of stuff I've wanted to try building on Ethereum et al that I just haven't done because I can't get over the hurdle of paying transaction costs lol.
> also even if I like the tech, I think that crypto's fundamentally really really volatile and I prefer things like index funds being honest
At the risk of derailing the thread, I agree. However, I think "tokenization" is probably crypto's killer app if the messy problem of legal finality rectifying assets on the blockchain with their real-world counterparts can be solved. I touched upon this in a separate post on my blog.
Oh yeah another point, see my other comment as well but if you need to start with nano, all you need is a faucet which you can get for literally free and that's all you need for you to experiment with my project.
You really don't need to spend any money at all, and that's actually how I built it. I recommend you contact me if you wish to run it locally for experiment purposes, as it requires bao and nano-vanity-generator; you can take a look at the code.
Also, I would like to disclose that the code is AI generated. I have no expertise in this field, but I found this idea fascinating and saw nobody doing it, so I did it. But still, I am just proud of my idea, and I get good reception whenever I mention this idea (which is quite a lot, tbh I am proud of it a little), so yeah, I love talking about this project's idea as well. I have expanded upon this work privately to even build ways of creating one's own tokens on top of nano etc., but creating wallets etc. and more abstractions felt wrong, and I just wanted to prove it was possible.
To be honest, you creating a c2 server on Hinge was similar to this feeling of "proving" as well.
To me, it's just that if I can prove something, then I can figure out the practical uses of it later (like discussing it right now) etc.
I guess we both are similar in the "proving" way, reading your article, which is nice to hear. Let me know if you have any questions, as I would love to answer!
So let me know how you like this project. Y'know, making this project made me build some abstractions which you might be interested in looking at as well, and which could be used for multiple purposes.
Create an issue in my github repo if you want to talk to me or have any questions as well, and I would love to answer there, and here as well if you wish! Glad my project could be of interest to ya! If you have any use cases for my project, then let me know as well.
Have a look at L2BEAT - any L2 EVM in the top 10 is fine (disclosure: I work for an L2). Check their native token price to understand gas price and onboarding complexity. Some L2s use ETH bridged from Ethereum rather than a native token.
if you add non-trivial address generation there simply isn't a good way to block it except for hope and prayers. nobody really wants to play whack-a-mole on blocking addresses for c2 servers, and then there will always be websites which straight up do not care.
I mean, at that point, why wouldn't you just rely on a DGA? At least then you wouldn't be flooding block explorer sites with millions or potentially tens of millions of requests per day for your C&C traffic.
Essentially the exact approach you propose has been attempted in far cleverer ways; it did not work very well.
well, you wouldn't really want to use it for botnets that large. modern botnets run off similar systems the internet runs off, edge endpoints, and cryptocurrency is just a nice distributed database to rely upon to synchronize everything.
I don't think you'd want to go through the trouble for smaller botnets though. It's really only the very big ones that face co-ordinated takedown efforts.
For a very small botnet that doesn't attract attention, you could really use any social media site for C&C if your goal was to avoid network-level detection.
For a slightly bigger botnet that might get abuse reports, you could just get a bunch of domains on different ccTLDs from various bulletproof registrars. There are some huge botnets doing this without much trouble.
It's really only the really big botnets where you want to worry about things like P2P C&Cs for censorship resistance; they're the ones that will face co-ordinated efforts to shut them down.
I feel like the block explorers aren't a really good solution; for small botnets there are less conspicuous options. Here's a (real) botnet C&C that uses Steam, and has been doing so for a long time: https://steamcommunity.com/profiles/76561199621451974 It's a rather silly implementation though, not sure why the developer decided to do it this way.
It's also worth noting that most botnets aren't targeting networks where they'd really have to worry about network-level detection, so in almost all cases using your own domain names is by far the easiest and most reliable option.
I'd also guess the most common malware these days is of the often short-lived "stealer" type, where the operator doesn't necessarily really care about keeping their bots alive as the malware just immediately grabs all the interesting data from your computer and uploads it.
enlighten me how a non-trivially generated address that is only known by malware can be implemented in every single blockchain explorer?
you would have to extract the keys from the malware, you would then have to implement the logic and announce it, then rely on blockchain explorers actually using that data to block addresses in real time.
I'm not 100% sure I understand what you're saying, but I guess you're asking how this could be censored?
> you would have to extract the keys from the malware
Yeah? That happens all the time. If you're designing mechanisms like this, it's presumably specifically against adversaries which are doing exactly that.
> you would then have to implement the logic and announce it - then rely on blockchain explorers actually using that data to block addresses in real time.
Someone would only have to do this once and all your bots would be gone.
Usually the whole point of these mechanisms is C&C resilience, and usually that only matters for really big botnets which face co-ordinated attacks.
Any good C&C system for a bigger botnet would seek to eliminate all meaningful external points of failure for C&C. Using a block explorer, or HN comments, does not achieve that.
that's why you have large lists, fallbacks and rolling updates to said fallbacks. it isolates you as the c2 owner from the c2 malware. once you have that you can just query from any kind of server and publish it anywhere else; you can have it act as an indirect proxy, not the primary contact point. it's a globally available database for a low, low cost of transaction fees.
but explorers are the easiest since there are so many of them, and so many of them that do not give two shits about blacklisting addresses.
because a c2 mechanism isn't that useful when you can't even send the packets out to the internet to use it when t1's get off their ass and actually do something useful.
>because a c2 mechanism isn't that useful when you can't even send the packets out to the internet to use it when t1's get off their ass and actually do something useful.
There are lots of ways to disguise p2p traffic to make it indistinguishable from common, legitimate software.