THREATOPS
THREAT OPSThreat News › The Accidental C2: Exploring Dev Tunnels for Remote Access

The Accidental C2: Exploring Dev Tunnels for Remote Access

lowspecteropsPublished 2026-05-06

<p class="wp-block-paragraph"><strong><em>TL;DR:</em> </strong><em>Dev Tunnels aren’t &#8220;just port forwarding&#8221;. They consist of layers of embedded protocols with RPC messages being exchanged. Once you peel the layers, you quickly see how Dev Tunnels are a C2 framework with extra steps.</em></p>

<h2 class="wp-block-heading" id="h-introduction">Introduction</h2>

<p class="wp-block-pa

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://specterops.io/blog/2026/05/06/dev-tunnels-the-accidental-c2/