0x1 Posted September 7, 2019 Share Posted September 7, 2019 (edited) C3 Custom Command and Control This is the hidden content, please Sign In or Sign Up C3 (Custom Command and Control) is a tool that allows Red Teams to rapidly develop and utilise esoteric command and control channels (C2). It’s a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It allows the Red Team to concern themselves only with the C2 they want to implement; relying on the robustness of C3 and the CS tooling to take care of the rest. This efficiency and reliability enable Red Teams to operate safely in critical client environments (by assuring a professional level of stability and security); whilst allowing for safe experimentation and rapid deployment of customised Tactics, Techniques and Procedures (TTPs). Thus, empowering Red Teams to emulate and simulate an adaptive real-world attacker. This is the hidden content, please Sign In or Sign Up Attackers must establish command and control (C2) to gain influence within their target environments in order to pursue their goals and objectives. It is therefore arguably one of the most important parts of the cyber kill chain because without it any payloads that are successfully delivered operate blindly, cannot provide network level pivoting and near real-time interaction. It is no surprise then that organisations have been imposing more controls against what types of communications are allowed from systems and a priority has been placed on defensive teams to be able to effectively detect C2. This is emphasised by two out of the twelve columns of Mitre ATT&CK being related to this area, ‘Command and Control’ and ‘Exfiltration’. The first proof of concept of C3 was presented at BlueHat v18 by William Knowles and Dave Hartley. Since then it has been refactored and some aspects reimagined into what it is today by a team of developers heavily influenced by members of the MWR Red Team. Video : BlueHat v18 || Overt Command & Control: The Art of Blending In Spoiler Practical Usage C3 is designed to be an easy and intuitive interface that allows users to form complex paths during adversarial simulations. This section provides an in-depth guide of how to use C3, from compilation through to code execution. See blog post for a detailed tutorial. This is the hidden content, please Sign In or Sign Up For contribution guide (how to develop a Channel tutorials), see this page This is the hidden content, please Sign In or Sign Up Download This is the hidden content, please Sign In or Sign Up Edited September 7, 2019 by 0x1 fix hide tags Link to comment Share on other sites More sharing options...
Recommended Posts