The Accidental C2 - Exploring Dev Tunnels for Remote Access
This article explores the repurposing of Visual Studio Code Dev Tunnels for remote access and Command and Control (C2) during Red Team assessments. The research deconstructs the multi-layered protocol—covering REST management, WebSocket tunneling, SSH connection nuances, and MsgPack RPC—to understand how commands are executed and files are manipulated remotely. The author highlights the complexity of the protocol, which deviates from standard SSH implementations to support Microsoft's relay infr