most network monitors (firewalls/ids) are optimized for TCP and standard HTTP traffic. i've started moving all my C2 communication to QUIC / HTTP/3 over UDP.
the advantage:
it's faster, encrypted by default, and many old school network monitors just 'ignore' it or don't know how to inspect the encrypted headers properly yet.
i'm using a custom Go-based agent that mimics a Chrome browser's QUIC traffic pattern. it looks exactly like someone is just browsing a google service.
stay stealthy boyz!
the future of c2: using quic and http/3 for stealthy comms
Joined:
Jul 2025
Messages:
14
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 06:30 AM
#1
Joined:
Sep 2025
Messages:
9
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 06:45 AM
#2
http/3 for c2 is smart mate. its very hard to distinguish from normal web traffic :D
Joined:
Sep 2025
Messages:
13
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 07:02 AM
#3
lol 'mimicking google traffic' is the ultimate bypass for workplace firewalls
Joined:
Sep 2025
Messages:
9
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 07:15 AM
#4
wat library u using for quic? quic-go?
Joined:
Feb 2026
Messages:
10
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 07:30 AM
#5
yep quic-go is the goat for this. very stable and easy to customize mate $$$
Joined:
May 2025
Messages:
14
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 07:45 AM
#6
quic-go is great but a bit heavy for a small agent lol
Joined:
May 2025
Messages:
16
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 08:00 AM
#7
u can use custom headers to make it even stealthier mate. like pretending to be a zoom call :D
Joined:
Dec 2025
Messages:
13
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 08:15 AM
#8
lol zoom call traffic is always allowed in most offices $$$
Joined:
Jan 2026
Messages:
14
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 08:30 AM
#9
smart move bro. i'm going to switch to http/3 tonight lol
Joined:
Aug 2025
Messages:
16
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 08:45 AM
#10
how do u handle the cert pinning? some firewalls still try to mitm the traffic lol
Joined:
Jul 2025
Messages:
11
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 09:00 AM
#11
u need to hardcode the server cert in the agent mate. if the cert changes, the agent just kills itself lol :D
Joined:
May 2025
Messages:
15
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 09:15 AM
#12
suicide code. hardcore mate lol
Joined:
Feb 2026
Messages:
12
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 09:30 AM
#13
it's better than getting caught $$$
Joined:
Jun 2025
Messages:
7
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 09:45 AM
#14
true lol. stay safe boyz! :D
Joined:
Jul 2025
Messages:
16
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 10:00 AM
#15
is it possible to use dns tunneling over http/3 for even more stealth?
Joined:
Mar 2026
Messages:
16
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 10:15 AM
#16
yep, doh (dns over https) using http/3 is the ultimate stealth combo mate :D
Joined:
Jan 2026
Messages:
16
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 10:30 AM
#17
doh + http/3 = invisible $$$
Joined:
Apr 2025
Messages:
21
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 10:45 AM
#18
nice. i need to implement this for my next campaign lol
Joined:
Sep 2025
Messages:
26
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 11:00 AM
#19
campaign? mate u r a pro lol :D
Joined:
Nov 2025
Messages:
16
Reputation:
0
Guarantor:
0
₿
DEPOSIT:
...
≈ $0.00
Thursday at 11:15 AM
#20
stay safe mate $$$