Setting up a Command and Control (C2) server is a critical step in establishing a robust red team infrastructure.
This guide provides a detailed walkthrough on how to install and configure your C2 server, ensuring seamless integration with tools like Filebeat and RedELK.
Follow these essential steps to enhance your cybersecurity testing capabilities.
c2servers.tgz
on your C2 server.install-c2server.sh $FilebeatID $ScenarioName $IP/DNS:PORT
Copy and extract c2servers.tgz
on your C2 server as part of your red team infra deployment procedures. Run the installer for your C2 server, i.e.: install-c2server.sh $FilebeatID $ScenarioName $IP/DNS:POR
See Naming requirements for detailed info on naming requirements.
This script will warn if filebeat is already installed (important as ELK and filebeat sometimes are very picky about having equal versions), install required certificates, adjust the filebeat configuration, start filebeat, create a local user ‘scponly’ and limit that user to SSH key-based auth via scp/sftp/rsync.
Having issues? Check the following:
redelk-install.log
./var/log/filebeat
or filebeat
mentioned in /var/log/syslog
depending on your Linux flavour used). certs/config.cfg
file./var/log/redelk/*
.The project is based on Go and Vue to build a management system for sensitive…
Installing and configuring redirectors as part of your red team infrastructure. Follow these step-by-step instructions…
This step generates TLS key pairs. This is used for encrypting the filebeat traffic between…
enum4linux-ng.py is a rewrite of Mark Lowe's (former Portcullis Labs now Cisco CX Security Labs)…
Interactive PDF Analysis (also called IPA) allows any researcher to explore the inner details of…
A detailed guide on setting up Cobalt Strike in a Docker environment. Cobalt Strike, a…