C&C Framework - Ayan Saha

This document discusses C2 frameworks and provides an overview of key concepts. It introduces C2 frameworks and their components like listeners and payloads. It demonstrates the SpyderC2 framework, showing how to start a listener, generate a payload, and execute modules on a victim. It also discusses C2 traffic analysis and how most C2 frameworks map to techniques in the MITRE ATT&CK knowledge base. The document encourages open source contributions to existing frameworks.

Uploaded by Null Kolkata

C2 FRAMEWORKS: AN OVERVIEW
Ayan Saha

AGENDA

C2 Introduction & Matrix

Terminologies

SpyderC2 Framework & Demo

C2 Traffic Analysis

C2 - MITRE ATT&CK

WHOAMI
• Security Researcher, ATI - Keysight Technologies
• Android Enthusiast
• Open-Source Contributor – MITRE ATT&CK, Metasploit, Atomic RedTeam, SpyderC2, Security Blogs

AYAN SAHA

C2 - INTRODUCTION
• Simple Client and Server
• Server sends commands
• Client / Victim executes and returns results
• Frameworks differ in a few aspects – Modules, Listeners etc. – C2 Matrix

TERMINOLOGIES

• LISTENER: Listens for connections from victims. Various protocols – HTTP, DNS
• PAYLOAD: Malware which gets executed on victim. Staged or Stageless
• BEACON: Timely messages from victim to server looking for commands to execute.
• MODULES: Evil functionalities or commands executed on victim. Ex: Screenshot
• TRAFFIC: Network Traffic packets exchanged over the wire.

SPYDERC2
• A basic C2 framework implemented by me.
• Available open-source at GitHub: https://github.com/Ayantaker/SpyderC2

• Contributions are welcome. Ex: Add Keylogger module

• YouTube Playlist for tutorials

DEMO
SpyderC2

Step 1 : Start the SpyderC2 Framework

Step 2 : Start a listener and generate a payload

Step 3 : Execute payload on victim

Step 4 : Execute modules, Ex: screenshot

C2 TRAFFIC ANALYSIS

• RR 0 : Victim registration
• RR 1 : C2 Beacons
• RR 3: Task Request
• RR 4: Task Response
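
A defender-side illustration of the beacon behaviour defined under Terminologies, added here and not taken from the slides or from SpyderC2: it flags client/destination pairs whose request intervals are nearly constant, which generalises beyond the single demo in the deck. The log tuples, host names and the `min_events` and `max_jitter` thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log: (epoch seconds, client IP, destination host).
# 10.0.0.5 checks in with c2.example.test roughly every 60 s;
# 10.0.0.9 browses news.example.test at irregular times.
SAMPLE_LOG = (
    [(1000 + 60 * i + j, "10.0.0.5", "c2.example.test")
     for i, j in enumerate([0, 2, -1, 1, 0, -2, 1, 0])]
    + [(t, "10.0.0.9", "news.example.test")
       for t in [1003, 1010, 1190, 1195, 1200, 1730, 1900, 1904]]
    + [(1500, "10.0.0.5", "news.example.test")]
)


def find_beacons(events, min_events=6, max_jitter=0.2):
    """Return {(client, dest): (mean_interval, jitter)} for periodic flows.

    jitter is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests; a low value means near-constant check-in intervals.
    min_events and max_jitter are assumed tuning values, not from the slides.
    """
    by_pair = defaultdict(list)
    for ts, client, dest in events:
        by_pair[(client, dest)].append(ts)

    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # too few samples to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # every request in the same second: a burst, not a beacon
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits[pair] = (round(avg, 1), round(jitter, 3))
    return hits


if __name__ == "__main__":
    for (client, dest), (avg, jitter) in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: every ~{avg}s, jitter {jitter}")
```

Beacons that add deliberate random delay need a wider `max_jitter`, which also raises false positives from legitimate polling clients such as update checkers.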
MITRE ATT&CK – C2

• Knowledge Base, TTP
• Most C2 frameworks mapped to MITRE TTP
• Software Section
• Chances for open-source contribution

TTP
• TACTIC: Ex – Persistence (TA0003)
• TECHNIQUE: Ex – Registry Run keys (T1547.001)
• PROCEDURE: Ex – Implemented with EmpireC2 (S0363)

KEY TAKEAWAYS

What we learnt
• What C2 Frameworks are
• Lots of C2 Frameworks – C2 Matrix
• Spyder C2 Framework – Try it out!
• Try building your own framework.
• C2 Traffic Analysis.

Try Open-Source Contributions
• C2 Matrix - Link
• MITRE ATT&CK : C2 TTP - Link
• SpyderC2 Modules - Link

THANK YOU
