# Command and Control

* [Matrix](https://www.thec2matrix.com/)
* [bcsecurity](https://www.bc-security.org/) maintains Empire 4
* [Empire](https://github.com/BC-SECURITY/Empire.git)
* [Armitage](https://gitlab.com/kalilinux/packages/armitage.git)
* [Covenant](https://github.com/cobbr/Covenant)
* [Sliver](https://github.com/BishopFox/sliver)

* Server
    * Listener
* Payloads/Agents
    * Staged/Dropper
    * Stageless
* Beacons from Agents, disguised through jitter
* Modules
    * Post Exploitation
    * Pivoting

## Domain Fronting

* Use a Domain on the C2 server 
* User Cloudflare to proxy the request and responses to and from the target
* Use HTTPs for channel encryption

## Profiles

* Server evaluates by custom user-agents to identify agents

## Types

* Std listener, TCP or UDP
* HTTP/HTTPS, counter FW
* DNS, if internet access of the target is flaky
* SMB, counter network segments

## Redirector

* Apache or nginx as reverse proxy in front of the  c2 server
* FW is still needed in front of the redirector
* These get burned instead of the c2