Red Commander: Red Team C2 Infrastructure built in AWS
Red Commander
Creates two Cobalt Strike C2 servers (DNS and HTTPS), with redirectors, and RedELK in Amazon AWS. Minimal setup required! Companion Blog here
Features
- Build out multiple engagements with this platform! Tracking via Engagement ID
- Custom Cobalt Strike Package Support
- Custom MalleableC2 Support per C2
- C2Concealer Support (Test 👏 Your 👏 Profiles!)
- Modified cs2modrewrite.py from Threat Express
- Joomla Support for Web Redirectors. (The web redirectors can have their own website!)
- Launch as many Web Redirectors as you want! Add as needed by rerunning the playbook with more domains added.
- Custom EDR Evasion support via Web Redirectors (thanks to @curi0usJack)
All files have to be named EXACTLY as shown above in the folders shown. The exception is naming the folder for the web redirect domains.
- Add your own cobaltstrike.zip file if you like. Don’t include your MalleableC2 profile in that ZIP, though.
- If you don’t include a Keystore, one will be created for you using the LetsEncrypt certificate generated for the C2 domain.
- If you don’t include a MalleableC2 profile, one will be generated for you. This happens at every run, so it’s likely a good idea to copy the generated keystore/profile to the above directories after the first run, or just build your own.
- To dump the MySQL database of your Joomla site, use mysqldump Example: mysqldump -u root -p -d cs_joomla >> dump.sql Then, execute cd /var/www/html; zip -r joomla.zip * to get your Joomla to install zipped properly. Don’t worry, the play will add the correct configuration settings (by default, mysql password, user and session type modifiers)
- You can add a custom Cobalt Strike MalleableC2 and/or Keystore per C2 to files/custom/DNS and files/custom/HTTPS respectively.
- Add RedELK.zip to files/.
Download & Use
Copyright (C) 2020 Alex Williams, OSCP, GXPN. Twitter: @offsec_ginger
