A few weeks ago I wrote an ISC diary about a piece of malicious code that used ngrok.io to communicate with the C2 server. Just a quick reminder about this service: it provides a kind of reverse-proxy for servers or applications that people need to publish on the Internet. I
![](https://blog.rootshell.be/wp-content/uploads/2020/12/ngrok-target.png)