SSHazam: Hide Your C2 Inside of SSH
Carrie Roberts //* SSHazam is a method of running any C2 tool of your choice inside a standard SSH tunnel to avoid network detections. The examples here involve running PowerShell […]
C2
How To: C2 Over ICMP
Darin Roberts // In previous blogs, I have shown how to get various C2 sessions. In this blog, I will be showing how to do C2 over ICMP. First, what […]
Command and Control with WebSockets WSC2
Craig Vincent// This all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The […]
PODCAST: Lee Kagan & Beau Bullock talk C2
Special guest Lee Kagan from RedBlack Security talks about his script, his previous guest posts and the future of C2 with Beau Bullock and Sierra. Check out these links: How […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
C2, C3, Whatever It Takes
Darin Roberts// If you have been in the security field for any length of time at all you have heard the term C2. You might have heard it also called […]
How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped
Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]
WEBCAST: Tweets, Beats, and Sheets: C2 over Social Media
Dakota Nelson// The modern internet’s got a lot of places to hide. In this webcast, join Dakota as he shows how you can establish C2 channels and issue commands to […]
A Morning with Cobalt Strike & Symantec
Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From […]
How to Build a C2 Infrastructure with Digital Ocean – Part 1
Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]
1 2