Command & Control (C2) Server

C2 servers are used by attackers to maintain communications with compromised systems within a target network.

  • It must be restricted to the Red Team Operators & Managers

  • Features:

    • Customization

    • Integration with the latest tools / scripts

    • Running implants in-memory / Payload Generation

    • Operator-based IAM roles

C2 Pools & Selection

Various open-source and commercial options are available.

  • The Red Team selects C2s based on these criteria:

    • Compatibility with victim workstations / servers (Mac, Win, Linux)

    • Operator Roles Assignment

    • Customization & Accessibility

    • Client requirements & policies

    • Extensibility & integrability with InfoSec community-led research

Operator Roles

  • While performing ops, the Red Team requires role assignment for operators

  • Each operator will have a separate login ID to access the C2 Portal

  • Some C2s offer a centralized team server, & the operators connect via client software to perform operations

  • This way, multiple operators can access the C2 simultaneously

C2 Profile

  • We will be using Mythic because of its compatibility with Mac, Win & Linux

  • It is open-source & offers features comparable to commercial C2s

  • It has C2 Profiles & customization support
