codepen.io

C&C Download

None

Attackers can use codepen.io to execute JavaScript and establish a websocket connection to a remote C&C server. An example is available thanks to @fkadibs: https://codepen.io/fkadibs/pen/KKvrZGq

None

Attackers can use codepen.io to download malicious tools. Although the attacker cannot download binaries directly, one method of doing so is by first base64 encoding the binary then adding it to the HTML section of a pen and then downloading decoding the binary.