> Furthermore, as Cloudflare Tunnel requires the installation of the 'cloudflared' client, defenders can detect its use by monitoring file hashes associated with client releases.

Is this effective? Presumably attackers could `go build` their own binaries to get equivalent clients with different hashes, or even combine the open-source `cloudflared` internals with a larger payload.
Comments from a similar article posted yesterday: https://news.ycombinator.com/item?id=37023806
I'm the author of the source blog. Happy to answer any questions about the research I conducted on this! Was a fun project to run through and discover additional attack vectors!