Command, Control, and memes: Cordyceps + ant = zombie

Command-and-Control (C2) channels enable remote control of devices compromised through various means. Some C2s use network protocols to relay messages between the compromised asset and the C2 server, while others blend in with commonly used, non-malicious applications and websites that have legitimate use cases in the target environment, making them even harder to detect (e.g. using Discord to relay C2 traffic).

Deploying C2 effectively requires specialised knowledge. Its components must be deployed and configured before a campaign can start; only then can exploited target assets connect back to the C2 infrastructure to wait for commands and/or send gathered data.

It is not a secret that automation helps reduce the risk of human error on repetitive tasks, helps obtain consistent results and decreases the time necessary to perform a set of steps. It can also be applied to the deployment and configuration of C2 infrastructure components such as frameworks, redirectors, and associated compute infrastructure.

This talk intends to raise awareness of how a C2 deployment used by a Red Team during offensive cyber operations works: how its components are deployed, configured, and secured, and how all of this can be performed in an automated manner. We’ll cover how an enterprise-grade Red Team leverages Infrastructure as Code with the goal of improving the security posture of the organization by spending less time doing ‘Sysadmin’ tasks and more time attacking!

Robert Pimentel

Lead, Offensive Security @ Fortune 40; GitHub: pr0b3r7; Chief Hacker @ Hacker Hermanos
