# Command & Control Frameworks ### Command & Control Frameworks #### C2 Matrix The [C2 Matrix ](https://howto.thec2matrix.com/)is a tool built by [SANS](https://www.sans.org/tools/the-c2-matrix/) for security professionals looking to integrate a Command & Control framework within their workflow. It has a list of near up-to-date C2's (Commercial and otherwise), as well as their capabilities, the language it was built in, and more. The matrix also features a virtual machine - [Slingshot ](https://howto.thec2matrix.com/slingshot-c2-matrix-edition)- which can be used to test out C2s within a virtualised lab environment.

#### Commercial C2 Frameworks C2 Frameworks varies in price based on their capabilities, Operational Security, and Support - ranging from affordable to an SME, to 5 kidneys and some change. **Cobalt Strike (CS)** Probably one of the most recognisable C2s on the market. The C2 was created by Raphael Mudge as a paid version of [Armitage ](https://www.kali.org/tools/armitage/)- a GUI version of Metasploit. Due to its stability, malleability and long history of success, CS is used in many red team & penetration testing engagements - and by threat actors - to achieve domain dominance over client environments. The easy to navigate GUI and customisable features makes it a great choice for those that can afford it. **Courses that utilise CS in their labs:** There are some courses that offer training with CS which makes it more accessible to learn and use a commercial C2 * [Certified Red Team Operator/Lead](https://training.zeropointsecurity.co.uk/bundles/red-team-courses) * [Advanced Red Team Operations](https://training.whiteknightlabs.com/advanced-red-team-operations/) * [Offensive Development](https://training.whiteknightlabs.com/offensive-development-training/) #### Open Source C2 Frameworks **Metasploit Framework** **Mythic Framework** **Havoc Framework**