Domain fronting is a technique used by attackers or red teams to keep command and control (C2) servers from being detected. It hides the attacker's machine behind highly trusted domains by routing the traffic through an application that uses someone else's domain name (or, in the case of HTTPS, someone else's SSL certificate).
The most popular services used for this include Amazon's CloudFront, Microsoft Azure and Google App Engine.
The same domain fronting techniques can be used on corporate webmail for C2 and data exfiltration over SMTP.
Note that Google and Amazon both implemented strategies to guard against domain fronting in April 2018. In this section, we will explore how to use Amazon CloudFront and Microsoft Azure for C2, using two different methods.