If I asked you what the common ways to exploit a cloud app for malicious purposes are, I bet your answer would probably be either to use it to distribute malicious content (such as malware or phishing pages), or to host the command and control (C2) infrastructure. In reality another frequent technique is the dead drop resolver, where a legitimate service is abused by threat actors to host the information related to the C2 infrastructure rather than the C2 infrastructure its