killchain-compendium/post_exploitation/docs/c2.md

2021-08-23 01:13:54 +02:00
# Command and Control
* [C2 Matrix](https://www.thec2matrix.com/), a feature comparison of C2 frameworks
* [bcsecurity](https://www.bc-security.org/) maintains Empire 4
* [Empire](https://github.com/BC-SECURITY/Empire.git)
* [Armitage](https://gitlab.com/kalilinux/packages/armitage.git)
* [Covenant](https://github.com/cobbr/Covenant)
* [Sliver](https://github.com/BishopFox/sliver)
* Components of a C2 framework
  * Server (team server) that operators connect to
  * Listener: the endpoint on the server that agents call back to
  * Payloads/Agents
    * Staged: a small dropper that fetches the full agent from the listener
    * Stageless: the complete agent in one payload, no second download
  * Beacons: agents check in at a sleep interval with random jitter so the call-backs do not form a regular, easily detected pattern
  * Modules
    * Post Exploitation
    * Pivoting
## Domain Fronting
* Register a domain for the C2 server and put it behind a CDN (these notes use Cloudflare as the example); the agent's traffic then terminates at the CDN's IP space instead of at the C2
* Classic fronting sets the TLS SNI to a high-reputation domain on the same CDN while the HTTP Host header names the C2 domain; several large providers have restricted this SNI/Host mismatch, so check the CDN's current behaviour before relying on it
* Use HTTPS for channel encryption; note that the CDN terminates TLS and sees the plaintext, so the agent traffic itself should also be encrypted at the application layer
## Profiles
* A profile (e.g. a malleable C2 profile) defines what agent traffic looks like on the wire: URIs, headers and a custom User-Agent
* The server, or a redirector in front of it, matches these fields to tell agent check-ins from unrelated traffic; anything that does not match gets a decoy response
## Types
* Standard listener over raw TCP or UDP
* HTTP/HTTPS: blends with normal web egress and passes most firewalls and proxies
* DNS: works when the target only has name resolution or its internet access is flaky; low bandwidth
* SMB (named pipes): peer-to-peer between agents to reach network segments without direct egress; traffic is relayed through an agent that does have a channel out
## Redirector
* Apache or nginx as a reverse proxy in front of the C2 server; the team server itself is never exposed directly
* A firewall is still needed in front of the redirector, and the C2 should accept connections only from the redirector's IP
* When the infrastructure gets detected, the redirector is burned and replaced instead of the C2
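The following nginx site configuration is an added example for the Profiles and Redirector sections above; it is not taken from the original notes or from any of the listed frameworks. All names are assumptions: the redirector answers for `cdn-assets.example.com`, the C2 listener is reachable only from the redirector at `10.0.0.5:8443`, and the agent profile uses URIs under `/api/v1/` and `/static/` with a Chrome-like User-Agent. Only requests that match the profile are proxied to the C2; everything else is served a decoy page, so scanners and curious analysts see a boring static site.

```nginx
# Added example (not from the original notes): nginx redirector in front of a C2.
# Assumed values: cdn-assets.example.com (redirector), 10.0.0.5:8443 (C2 listener),
# /api/v1/ and /static/ (profile URIs), Chrome-like User-Agent (profile header).
server {
    listen 443 ssl;
    server_name cdn-assets.example.com;

    ssl_certificate     /etc/letsencrypt/live/cdn-assets.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cdn-assets.example.com/privkey.pem;

    # Only traffic on the profile's URIs is considered for forwarding.
    location ~ ^/(api/v1|static)/ {
        # Requests with the wrong User-Agent are bounced to a harmless site.
        if ($http_user_agent !~ "^Mozilla/5\.0 \(Windows NT 10\.0; Win64; x64\) AppleWebKit/537\.36 \(KHTML, like Gecko\) Chrome/") {
            return 302 https://www.example.com/;
        }
        proxy_pass https://10.0.0.5:8443;
        proxy_ssl_verify off;                     # self-signed cert on the C2 listener (assumption)
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_read_timeout 300s;                  # agents may long-poll
    }

    # Everything else: static decoy content, no hint of the C2 behind it.
    location / {
        root /var/www/decoy;
        index index.html;
    }
}
```

Drop the file into `/etc/nginx/sites-enabled/` and run `nginx -t` before reloading. The redirector still needs a host firewall, and on the C2 side `10.0.0.5:8443` should accept connections only from the redirector's address, so that a burned redirector can be replaced without touching the C2.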