Command & Control Infrastructure


Last updated 9 months ago


Command & Control

What a C2 is, how operators and agents interact with it, and which frameworks are available is covered in Command & Control Anatomy. This page deals with the infrastructure placed around the C2.

Command & Control Infrastructure

A Command & Control (C2/C&C) deployment is built from several components:

  • Team Server (the C2 itself: where operators connect and where agent traffic ultimately ends up)

  • Redirector (a host in front of the team server that decides where each incoming connection goes)

  • Network Protocols (how the agent communicates, and the traffic profile it mimics so that its check-ins blend in)

  • Cover Server (a decoy site that defenders, scanners and curious visitors are sent to instead of the team server)

The purpose of this layering is to keep the team server, and with it the on-going operation, from being uncovered. The team server is never exposed directly: agents talk to a redirector, and the redirector's rules pass only traffic that matches the agent's profile back to the team server while everything else is sent to the cover server. A redirector that is burned can then be swapped out without rebuilding the team server (agents configured with more than one redirector keep calling back), and the team server itself should accept connections only from its redirectors, never from the internet at large.
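The routing decision described above, written as an added example rather than as code from the original page. It is shaped like a Cloudflare Worker (one of the redirector options listed later), but the rule itself is platform-independent: a request reaches the team server only if its method, path and User-Agent all match the agent's profile; anything else is proxied to the cover server. The team server address, cover site, agent paths and User-Agent string are all assumed placeholders.

```javascript
// Added example (not from the original page): redirector rules in front of a
// C2 team server. All hosts, paths and header values are assumed placeholders.

const TEAM_SERVER = "https://10.0.0.5:8443";      // assumed: team server, reachable only from the redirector
const COVER_SERVER = "https://www.example.com";   // assumed: decoy site everyone else is sent to
const AGENT_PATHS = ["/api/v1/status", "/api/v1/sync"]; // assumed: URIs in the agent's C2 profile
const AGENT_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:109.0"; // assumed: agent's User-Agent
const ALLOWED_METHODS = new Set(["GET", "POST"]);  // assumed: the only methods the agent uses

// Normalise a request path so "/API/v1/status/?x=1" and "/api/v1/status"
// compare equal: lowercase, drop the query string, strip trailing slashes.
function normalisePath(path) {
  let p = path.toLowerCase().split("?")[0];
  while (p.length > 1 && p.endsWith("/")) p = p.slice(0, -1);
  return p;
}

// Decide the upstream for one request. `headers` is a plain object with
// lowercase keys. The reason is returned so the redirector can log why a
// connection was diverted, which is useful when an agent stops checking in.
function routeRequest(method, path, headers) {
  const ua = headers["user-agent"] || "";
  const p = normalisePath(path);

  if (!ALLOWED_METHODS.has(method.toUpperCase())) {
    return { upstream: COVER_SERVER, reason: "method not used by agent" };
  }
  if (ua !== AGENT_UA) {
    return { upstream: COVER_SERVER, reason: "user-agent mismatch" };
  }
  if (!AGENT_PATHS.includes(p)) {
    return { upstream: COVER_SERVER, reason: "path not in agent profile" };
  }
  return { upstream: TEAM_SERVER, reason: "matches agent profile" };
}

// Worker-style fetch handler (assumed deployment target). It applies the rule
// and proxies the request to the chosen upstream, keeping the original path
// and query string so the cover site still renders normally.
const worker = {
  async fetch(request) {
    const url = new URL(request.url);
    const headers = {};
    for (const [k, v] of request.headers) headers[k.toLowerCase()] = v;
    const { upstream } = routeRequest(request.method, url.pathname + url.search, headers);
    const target = new URL(url.pathname + url.search, upstream);
    return fetch(new Request(target.toString(), request));
  },
};
```

In a real Worker the `worker` object would be the module's default export. Matching the User-Agent exactly is deliberate: a loose substring match would let a scanner spoofing a browser UA through, whereas an agent whose UA is under your control can send any string you choose. Per-IP rate limiting and a deny-list of known scanner ranges belong in the same function, and are covered under Network Rules.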

High Level Graph

Table of Contents

  • Command & Control Anatomy
    • Command & Control Frameworks
    • Mythic Framework
  • Traffic Redirection
    • Nginx
    • Amazon Web Services
    • Microsoft Azure
    • Google Cloud Platform
    • Cloudflare Workers
  • Covert Infrastructure
    • Ensuring Resiliency
    • Traffic Masking
    • Network Rules

Figure: High Level Overview of a classic C2 Infrastructure Design