• Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

C3 Custom Command and Control

Status
Not open for further replies.

0x1

LeVeL23 HacKerS TeaM
User
Joined
Nov 15, 2013
Messages
880
Reputation
0
Reaction score
6,315
Points
243
Credits
78
‎11 Years of Service‎
18%
C3 Custom Command and Control

mwC4YBF.jpg

C3 (Custom Command and Control) is a tool that allows Red Teams to rapidly develop and utilise esoteric command and control channels (C2). It’s a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It allows the Red Team to concern themselves only with the C2 they want to implement; relying on the robustness of C3 and the CS tooling to take care of the rest. This efficiency and reliability enable Red Teams to operate safely in critical client environments (by assuring a professional level of stability and security); whilst allowing for safe experimentation and rapid deployment of customised Tactics, Techniques and Procedures (TTPs). Thus, empowering Red Teams to emulate and simulate an adaptive real-world attacker.​

KpHFMLS.png

Attackers must establish command and control (C2) to gain influence within their target environments in order to pursue their goals and objectives. It is therefore arguably one of the most important parts of the cyber kill chain because without it any payloads that are successfully delivered operate blindly, cannot provide network level pivoting and near real-time interaction. It is no surprise then that organisations have been imposing more controls against what types of communications are allowed from systems and a priority has been placed on defensive teams to be able to effectively detect C2. This is emphasised by two out of the twelve columns of Mitre ATT&CK being related to this area, ‘Command and Control’ and ‘Exfiltration’.

The first proof of concept of C3 was presented at BlueHat v18 by William Knowles and Dave Hartley. Since then it has been refactored and some aspects reimagined into what it is today by a team of developers heavily influenced by members of the MWR Red Team.

Video : BlueHat v18 || Overt Command & Control: The Art of Blending In


Spoiler


Practical Usage

C3 is designed to be an easy and intuitive interface that allows users to form complex paths during adversarial simulations. This section provides an in-depth guide of how to use C3, from compilation through to code execution.

See blog post for a detailed tutorial.

To see this hidden content, you must like this content.

For contribution guide (how to develop a Channel tutorials), see this page

To see this hidden content, you must like this content.

Download

To see this hidden content, you must like this content.
 
Last edited by a moderator:
Status
Not open for further replies.
Back
Top