DEF CON 32 - MFT Malicious Fungible Tokens - Mauro Eldritch, Cybelle Oliveira

In this technical talk, we will uncover a new aspect of NFTs: using them as attack vectors to relay C2 commands. Fingerprinting a system? Exfiltrating information? Encrypting and wiping data? Executing arbitrary commands? Of course! But with a dark twist: deployed NFTs are blockchain-backed assets immune to takedowns. Imagine having your own “immortal” C2 Server for less than $10 dollars in $ETH. For this, we will introduce “mFT” an open-source tool that automates the creation of malicious payloads and provide sample harmless NFTs, allowing attendees to explore this novel attack vector on their own machines safely. This talk is the spiritual successor of "Everything is a C2 if you're brave enough".