January TASK: Dark Caracal / Command and Conquer: Red Alert – C2 tradecraft and design

Wednesday 31-January-2018 // 6:00 – 9:00 PM
Meeting Location: 88 Queens Quay West, Toronto
Room: 29th Floor


January TASK

This month we welcome Apurva Kumar and Jeremy Richards as they discuss the Dark Caracal espionage investigation, announced on January 18 at https://blog.lookout.com/dark-caracal-mobile-apt. Lee Kagan will also join us with a tech talk on C2 tradecraft and design.

We have a new meeting location. Don’t forget to mark the new address: 29th Floor, 88 Queens Quay West, Toronto.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Apurva Kumar & Jeremy Richards
Dark Caracal

Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign against military personnel, enterprises, medical professionals, lawyers, journalists, educational institutions, and activists.

Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries and thousands of victims. Types of data stolen include documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data. We believe this actor is operating their campaigns from a building belonging to the Lebanese General Security Directorate (GDGS) in Beirut.

This talk will cover the investigation and findings of the months-long investigation.


Lee Kagan
Command and Conquer: Red Alert – C2 tradecraft and design

An analysis of various C2 infrastructure design concepts for pentesters, red teams, and threat actors.

This presentation will examine the many options available when building and operating a command and control (C2) infrastructure. From the simple to the complex, Lee will cover topics such as design choices made by notable aggressors, differences in requirements between pentesters, red teams, and threat actors, other implementation considerations, OPSEC, and defensive measures. There will also be a video demonstration of a C2 in action.


Meeting Location: 29th Floor – 88 Queens Quay West, Toronto.

Posted in Events.