GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It communicates by embedding data in beacon and probe requests. A few months ago, we published the GhostTunnel server and Windows agent, implemented in C/C++, and now we are going to update it.
In this talk, we will introduce “Ghost Tunnel 2.0”, which uses Bluetooth to communicate. Using the functionality and security features of Bluetooth, we can establish multiple tunnels between the client and the server at the same time. That means we can create a separate tunnel to send files or execute commands, and the entire communications link cannot be tracked or sniffed. In addition, Bluetooth traffic is not inspected by most types of protection. On specific OSes, we can also achieve duplex communication using only BLE advertising packets. Scanning and connecting operations are not employed in the communication process, which leads to an even more covert method of connection.