Although Red Teams use offensive security tools similar to those of penetration testers, some tools are more emphasized by Red Teams, specifically when it comes to command and control. Tools such as PowerShell, Empire, or Cobalt Strike provide agents or beacons that can be deployed to a target. These tools use an asynchronous means of communication. An agent or beacon polls a C2 server for instructions on a controlled interval. The server is queried for a task; if a task exists, the agent or beacon performs the action and reports the results. If there are no tasks, the agent or beacon goes to 'sleep' for the predefined period of time.

Synchronous communication

Asynchronous C2 communications offer many benefits to a Red Team over synchronous by:

- Controlling when and how often communications are sent. A C2 agent can poll as quickly as near real time or may only check in once a day.
- Bypassing firewalls through egress communication. Clients are typically not accessible from outside a network but can reach assets on the Internet through outbound communication.
- Not requiring a constant established connection.
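From the defender's side, the poll-and-sleep cycle described above shows up as evenly spaced outbound requests from one client to one destination. The following is an added example, not code from the original page: it flags client/destination pairs whose check-in gaps have a low coefficient of variation. The log format, hosts, thresholds and function names are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 5, 1, 9, 0, 0)

def make_lines(client, dest, offsets):
    """Build constructed proxy log lines: '<ISO time> <client> <destination>'."""
    return [f"{(BASE + timedelta(seconds=s)).isoformat()} {client} {dest}"
            for s in offsets]

# Constructed sample data (assumed format), not taken from any real network.
SAMPLE = (
    make_lines("10.0.0.5", "cdn.example.net", [0, 61, 119, 180, 242, 300, 359])
    + make_lines("10.0.0.7", "www.example.org", [0, 4, 9, 200, 207, 900, 905])
    + make_lines("10.0.0.9", "mail.example.com", [30, 400, 2000])
    + ["truncated-line"]
)

def group_flows(lines):
    """Group request times by (client, destination); skip malformed lines."""
    flows = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, dest = parts
        flows[(client, dest)].append(datetime.fromisoformat(ts))
    return flows

def beacon_candidates(lines, min_events=6, max_cv=0.15):
    """Return {(client, dest): (mean_gap_s, cv)} for regularly spaced flows."""
    hits = {}
    for key, times in group_flows(lines).items():
        if len(times) < min_events:
            continue  # too few check-ins to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean  # low cv = near-constant interval
        if cv <= max_cv:
            hits[key] = (round(mean, 1), round(cv, 3))
    return hits

if __name__ == "__main__":
    for (client, dest), (mean, cv) in beacon_candidates(SAMPLE).items():
        print(f"{client} -> {dest}: every ~{mean}s, cv={cv}")
```

An agent that checks in only once a day produces too few events in a short window to pass `min_events`, so the analysis window has to be sized to the longest sleep interval of interest.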
What does C2 look like?

C2 is any tool or process that provides a threat a means to influence a target. The influence is expressed using a C2 infrastructure that can issue C2 instructions.

C2 is a cornerstone of a Red Team's ability to control and maintain control of a target; however, it is not unique to Red Teams, but is used heavily to emulate a threat's ability to control and maintain control of a remote target.

Command and Control (C2) is the influence an attacker has over a compromised computer system they control.