Attack and Defend with the Command and Control (C2) Matrix

Friday, August 12, 2022 - 13:00 - 15:00 PDT

Presented by Jake Williams and Christopher Peacock from SCYTHE

Command and Control is one of the tactics adversaries use most in intrusions. Without command and control, you have to write a worm, and worms can get out of control. For this reason, 95% or more of attacks use Command and Control. We will leverage the C2 Matrix project to understand how C2 works, use various C2 frameworks to attack target systems, and then cover how to detect the attacks. The workshop will begin with a brief lecture to introduce Command and Control, the C2 Matrix project, and various C2 frameworks. The rest will be hands-on-keyboard exercises.

There are two ways to participate: running virtual machines we supply, or online using the VMware learning platform. The same environment and lab guide will work for either choice. However, if you take the virtual machine route, you will be able to perform the exercises at any time after the workshop.

The lab environment will include an attack system (the Slingshot C2 Matrix virtual machine, which brings 10 different C2 frameworks) and a target Windows system. Attendees will be able to follow the self-paced guide to set up a C2 server, create a payload, deliver the payload, and gain access to the target system. From there, various adversary behaviors will be walked through to meet the adversary objective. On the defensive side, the guide will walk the attendee through setting up data sources for detection using free tools.

(c)2022, Red Team Village
