Secondary Categories: 02-Infrastructure, 02-Command and Control
Based on Tim MalcomVetter's design, a secure C2 infrastructure should look as follows:
Essentially an SSH (or VPN) tunnel is set up from the C2 server out to the HTTPS redirector. It must be done in this direction because:
- The C2 server should not have direct access to the internet; it should only be allowed to reach the redirectors (outbound SSH), and the redirector never needs inbound access to the C2 server.
- If you are using HTTPS and need to set up an HTTPS redirector, you don't have to place the TLS private key on the redirector: TLS terminates on the C2 server, so the key is not exposed if the redirector gets compromised or detected. That way all confidential files stay on the C2 server.
No data should be stored on the redirector; everything should be maintained on the C2 server. That way client data and C2 traffic are kept away from the cloud hosting provider, which only ever sees the encrypted tunnel. The SSH tunnel between the redirector and the C2 server carries the traffic over an encrypted, authenticated link.
The C2 server should not be run on a cloud hosting provider, and redirectors don't have to be VMs: CDNs, AWS Lambda, Azure Functions and Cloudflare Workers can also be used as serverless redirectors.
Implementation
This can be done by setting up a remote port forward from the team server to the redirector (the command below is run on the team server; it opens port 8443 on the redirector and forwards connections arriving there back through the tunnel to port 443 on the team server). If you are using multiple redirectors I suggest using tmux, screen, or another similar tool so each tunnel keeps running in its own session.
ssh -N -R 8443:localhost:443 -i ssh-user [email protected]
We can then confirm the SSH tunnel is working by using curl on the redirector. The forwarded port is bound to the redirector's loopback interface by default (unless GatewayPorts is enabled in the redirector's sshd_config), so this check has to run on the redirector itself, and -k is needed because the team server's certificate is not issued for "localhost":
curl -v -k https://localhost:8443
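The following script is an added example, not part of the original note or of Tim MalcomVetter's write-up. It wraps the procedure above in a few functions: the remote forward from the team server (with an explicit 127.0.0.1 bind address and ExitOnForwardFailure, which the one-liner above does not use), a check on the redirector that the forwarded port is reachable only via loopback, the curl check, and one way (socat, an assumption) to publish the tunnel on the redirector's public port 443 as a plain TCP relay so TLS still terminates on the team server. The redirector host name, SSH user, key path and ports are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not part of the original note: bring up the reverse tunnel
# from the team server and verify on the redirector that the forwarded port
# is only reachable via loopback. Host, user, key path and ports below are
# placeholders (assumptions); override them via the environment.
set -euo pipefail

REDIRECTOR="${REDIRECTOR:-redirector.example.com}"   # assumption
SSH_USER="${SSH_USER:-tunnel}"                       # assumption: unprivileged, tunnel-only account
SSH_KEY="${SSH_KEY:-$HOME/.ssh/redirector_tunnel}"   # assumption
LOCAL_PORT="${LOCAL_PORT:-443}"      # team server's HTTPS listener; TLS terminates here
REMOTE_PORT="${REMOTE_PORT:-8443}"   # port the tunnel opens on the redirector's loopback

# TEAM SERVER: open the remote forward. -N requests no remote shell,
# ExitOnForwardFailure makes ssh fail loudly if $REMOTE_PORT is already taken
# on the redirector instead of connecting without the forward, and the
# keepalives let a dead link be noticed (and restarted by a loop/supervisor).
start_tunnel() {
  ssh -N \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -R "127.0.0.1:${REMOTE_PORT}:localhost:${LOCAL_PORT}" \
    -i "$SSH_KEY" "${SSH_USER}@${REDIRECTOR}"
}

# REDIRECTOR: read `ss -ltn` output on stdin and succeed only if something is
# listening on port $1 and every such listener is bound to 127.0.0.1 or [::1].
# A 0.0.0.0 / [::] bind (GatewayPorts enabled, or a forward without the
# explicit 127.0.0.1 bind address) would expose the raw tunnel endpoint.
loopback_only() {
  awk -v p=":$1\$" '
    $1 == "LISTEN" && $4 ~ p {
      n++
      if ($4 !~ /^(127\.0\.0\.1|\[::1\]):/) bad++
    }
    END { exit (n > 0 && bad == 0) ? 0 : 1 }'
}

# REDIRECTOR: end-to-end check through the tunnel. -k is needed because the
# team server's certificate is not issued for "127.0.0.1"; we only want to see
# that the C2 listener answers at all, so we print the HTTP status code.
check_tunnel() {
  curl -sS -k -o /dev/null -w '%{http_code}\n' "https://127.0.0.1:${REMOTE_PORT}/"
}

# REDIRECTOR (optional): publish the tunnel on the public HTTPS port as a plain
# TCP relay, so TLS still terminates on the team server and no key lives here.
# socat is one way to do this (assumption: socat is installed and the relay
# runs as root or with CAP_NET_BIND_SERVICE for port 443).
publish_relay() {
  socat "TCP-LISTEN:443,fork,reuseaddr" "TCP:127.0.0.1:${REMOTE_PORT}"
}

# Typical use:
#   team server : start_tunnel            (keep it in tmux/screen or a systemd unit)
#   redirector  : ss -ltn | loopback_only "$REMOTE_PORT" && check_tunnel
#   redirector  : publish_relay
```

The loopback check is the part worth keeping around: if `ss -ltn` ever shows the tunnel port on 0.0.0.0 or [::], the team server's listener is exposed directly without the redirector in front of it, which defeats the point of the design.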