Analysis updated 2026-05-18
Study how legitimate cloud services can serve as covert communication channels in a controlled lab environment
Generate realistic Spotify and Telegram HTTPS traffic patterns to build and test network detection rules
Demonstrate command-and-control concepts during security training or authorized red team exercises
Emulate a cloud-assisted threat scenario to test endpoint monitoring and alerting tools
| | nirvanaon/spotifyc2 | chaelsoo/hollow | mitchellh/tree-sitter-proto |
|---|---|---|---|
| Stars | 98 | 80 | 75 |
| Language | C | C | C |
| Last pushed | — | — | 2024-06-21 |
| Maintenance | — | — | Dormant |
| Setup difficulty | moderate | moderate | moderate |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Visual Studio 2022 with Windows SDK and libcurl configured, plus a Spotify playlist ID and a Telegram bot token set as compile-time constants.
SpotifyC2 is a Windows-based program written in C that demonstrates how a public cloud service can serve as a command channel for a controlled test environment. An operator renames a Spotify playlist to whatever shell command they want executed, and a client program running on a Windows machine polls that playlist every 20 seconds, reads the title, runs the command, and sends the output back to a Telegram chat. No dedicated server is involved.
The project intentionally avoids needing a Spotify developer account or OAuth login. It uses Spotify's public oEmbed endpoint, a URL that returns basic metadata about any playlist without authentication. The client downloads that metadata with libcurl, parses the playlist title, executes the command with a Windows system function that captures standard output, URL-encodes the result, and posts it to a Telegram bot via its HTTP API. All traffic travels over HTTPS.
The codebase is a single C source file with five functions: one to fetch the Spotify playlist title, one to run the command and capture its standard output, one to send output to Telegram, one network data callback, and one URL encoder. To build it you need Visual Studio 2022, the Windows SDK, and libcurl. Before compiling you set four constants directly in the source: the Spotify playlist ID, the Telegram bot token, the chat ID, and the polling interval, which defaults to 20 seconds. Commands are only executed when the playlist title changes.
The README is explicit that this is security research for defensive purposes: studying how legitimate services can be misused as covert channels, generating realistic network traffic for detection engineering, and supporting threat emulation in authorized lab settings. It includes a disclaimer requiring explicit permission before deploying on any network.
A Windows C program that uses a Spotify playlist title as a command channel and delivers command output to a Telegram chat, built for cybersecurity research and detection engineering.
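For the detection-engineering use described above, here is an added example (not code from the SpotifyC2 repository) of a rule over connection metadata: because all traffic is HTTPS, it sees only timestamps, process and destination host, and flags a process that contacts the Spotify host at a near-fixed interval and contacts the Telegram API host shortly after one of those polls. The log format, host and process names, thresholds, and the two destination hostnames (`open.spotify.com`, `api.telegram.org`, which the page does not spell out) are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

POLL_HOST = "open.spotify.com"    # assumed host of the public oEmbed endpoint
REPLY_HOST = "api.telegram.org"   # assumed host of the Telegram Bot HTTP API

def find_beacons(lines, min_polls=6, max_cv=0.1, reply_window=10.0):
    """Return (host, process, mean_interval) for timer-like pollers of POLL_HOST
    that also reach REPLY_HOST. Assumed format: '<epoch> <host> <proc> <dest>'."""
    polls, replies = defaultdict(list), defaultdict(list)
    for line in lines:
        ts, host, proc, dest = line.split()
        if dest == POLL_HOST:
            polls[(host, proc)].append(float(ts))
        elif dest == REPLY_HOST:
            replies[(host, proc)].append(float(ts))
    hits = []
    for key, times in sorted(polls.items()):
        times.sort()
        if len(times) < min_polls:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a fixed polling timer shows very low jitter.
        if avg <= 0 or pstdev(gaps) / avg > max_cv:
            continue
        # Output is sent only after a title change, so replies are sparse but
        # each one closely follows a poll made by the same process.
        if any(0 <= r - t <= reply_window
               for r in replies.get(key, []) for t in times):
            hits.append((key[0], key[1], round(avg, 1)))
    return hits

def conn(host, proc, dest, times):
    return [f"{t} {host} {proc} {dest}" for t in times]

# Constructed telemetry: host and process names are made up for this example.
SAMPLE = (
    conn("WS-LAB-07", "updater.exe", POLL_HOST,
         (1000.0, 1020.2, 1040.1, 1060.3, 1080.2, 1100.4, 1120.6))
    + conn("WS-LAB-07", "updater.exe", REPLY_HOST, (1041.9, 1102.0))
    # Ordinary use: irregular browser traffic and a messenger that never polls.
    + conn("WS-LAB-02", "chrome.exe", POLL_HOST, (1003, 1009, 1075, 1300, 1302, 1310))
    + conn("WS-LAB-02", "Telegram.exe", REPLY_HOST, (1010, 1050))
    # Regular poller that never contacts Telegram: not flagged.
    + conn("WS-LAB-03", "widget.exe", POLL_HOST, range(1000, 1181, 30))
)

if __name__ == "__main__":
    print(find_beacons(SAMPLE))  # [('WS-LAB-07', 'updater.exe', 20.1)]
```

Requiring both conditions keeps ordinary Spotify or Telegram use from alerting on its own; the jitter threshold needs tuning against real telemetry before use.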
Mainly C. The stack also includes Windows and libcurl.
MIT: use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated moderate, with roughly 30 minutes to a first successful run.
Audience: mainly developers.
Verify against the repo before relying on details.