2. AGENDA
C2 Introduction & Matrix
Terminologies
SpyderC2 Framework & Demo
C2 Traffic Analysis
C2 - MITRE ATT&CK
C2 FRAMEWORKS: AN OVERVIEW 2
3. WHOAMI
• Security Researcher, ATI - Keysight Technologies
• Android Enthusiast
• Open-Source Contributor – MITRE ATT&CK,
Metasploit, Atomic RedTeam, SpyderC2, Security Blogs
AYAN SAHA
4. C2 - INTRODUCTION
• Simple Client and Server
• Server sends commands
• Client / Victim executes and returns results
• Frameworks differ in a few aspects – Modules, Listeners etc. – see the C2 Matrix
6. TERMINOLOGIES
LISTENER – Listens for connections from victims. Various protocols – HTTP, DNS
PAYLOAD – Malware which gets executed on the victim. Staged or Stageless
BEACON – Periodic messages from the victim to the server, asking for commands to execute.
MODULES – Malicious functionalities or commands executed on the victim. Ex: Screenshot
TRAFFIC – Network traffic packets exchanged over the wire.
7. SPYDERC2
• A basic C2 framework implemented by me.
• Available open-source on GitHub:
https://github.com/Ayantaker/SpyderC2
• Contributions are welcome. Ex: Add Keylogger module
• YouTube Playlist for tutorials
9. SPYDERC2 – DEMO
Step 1: Start the SpyderC2 Framework
Step 2: Start a listener and generate a payload
Step 3: Execute payload on victim
Step 4: Execute modules, Ex: screenshot
11. C2 TRAFFIC ANALYSIS
RR 0: Victim registration
RR 1: C2 Beacons
RR 3: Task Request
RR 4: Task Response
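As an added example (not part of the talk or of SpyderC2), a defender-side check for the beacon pattern described above: it parses constructed proxy-log lines and flags source/destination pairs whose request gaps are nearly constant, which is how RR 1 beacons stand out from ordinary browsing. The log format, hosts and thresholds are assumptions for the demonstration.

```python
"""Beacon-regularity check over constructed HTTP proxy log lines."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample (not real traffic): one host polls the same URI about
# every 60 s (beacon-like); another browses at irregular intervals (benign).
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 203.0.113.9 GET /tasks
2024-01-01T10:01:00 10.0.0.5 203.0.113.9 GET /tasks
2024-01-01T10:02:01 10.0.0.5 203.0.113.9 GET /tasks
2024-01-01T10:03:00 10.0.0.5 203.0.113.9 GET /tasks
2024-01-01T10:04:01 10.0.0.5 203.0.113.9 GET /tasks
2024-01-01T10:00:10 10.0.0.7 198.51.100.4 GET /index.html
2024-01-01T10:00:12 10.0.0.7 198.51.100.4 GET /app.js
2024-01-01T10:07:40 10.0.0.7 198.51.100.4 GET /news
2024-01-01T10:30:05 10.0.0.7 198.51.100.4 GET /about
"""


def parse_log(text):
    """Yield (timestamp, src, dst, uri) from assumed 'ts src dst METHOD uri' lines."""
    for line in text.splitlines():
        ts, src, dst, _method, uri = line.split()
        yield datetime.fromisoformat(ts), src, dst, uri


def find_beacon_candidates(text, min_hits=4, max_cv=0.1):
    """Return {(src, dst): (hits, mean_gap_s, cv)} for pairs whose request
    timing is regular enough to look like a beacon. cv is stdev/mean of the
    gaps between consecutive requests; a low cv means a fixed sleep interval."""
    times = defaultdict(list)
    for ts, src, dst, _uri in parse_log(text):
        times[(src, dst)].append(ts)
    candidates = {}
    for pair, stamps in times.items():
        if len(stamps) < min_hits:          # too few requests to judge timing
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            candidates[pair] = (len(stamps), round(avg, 1), round(cv, 3))
    return candidates


if __name__ == "__main__":
    for pair, stats in find_beacon_candidates(SAMPLE_LOG).items():
        print("beacon-like:", pair, stats)
```

Real beacons often add jitter, so in practice the cv threshold is tuned per environment and combined with other signals (URI repetition, byte sizes, time of day).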
12. MITRE ATT&CK – C2
• Knowledge Base, TTP
• Most C2 frameworks mapped to MITRE TTP
• Software Section
• Chances for open-source contribution
TTP:
TACTIC – Ex: Persistence (TA0003)
TECHNIQUE – Ex: Registry Run keys (T1547.001)
PROCEDURE – Ex: Implemented with EmpireC2 (S0363)
14. KEY TAKEAWAYS
What we learnt
What C2 Frameworks are
Lots of C2 Frameworks – C2 Matrix
Spyder C2 Framework – Try it out!
Try building your own framework.
C2 Traffic Analysis.
Try Open-Source Contributions
C2 Matrix - Link
MITRE ATT&CK : C2 TTP - Link
SpyderC2 Modules - Link