C2 Matrix
Jorge Orchilles
Cyber Security Leader | Readiness & Proactive Security @ Verizon | Principal SANS Instructor and Author of SEC565 Red Team Operations and Adversary Emulation
The goal of the C2 Matrix is to document, compare, and contrast C2 frameworks to help you determine the best one for your needs, based on the adversary you need to emulate and the target environment. Check it out at https://www.thec2matrix.com/
C2 stands for Command and Control. It is how red teamers and penetration testers can control the machines they compromise during ethical hacking engagements. The definition from MITRE ATT&CK is "Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses." [1]
PowerShell Empire was the go-to C2 framework for penetration testers and red teamers. However, the original developers have determined the goal of the project has been met and have ended support:
On one hand, congratulations:
On the other hand, what do we do now?
The good news is that it is the "Golden Age of C2" and there are many frameworks available. As I started asking around, I found many, many options. Hence we set forth to understand the capability of each and document it in a spreadsheet. That spreadsheet grew many columns long and a website was better for viewing it: https://www.thec2matrix.com/
The original source (Google Sheet) is available if you would like to manipulate it yourself: https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/
Make my life easier
To make things even easier, we created a questionnaire to filter out C2 frameworks based on your adversary emulation plan and the target environment. Beta is here: https://ask.thec2matrix.com/
Call to Action
If you are interested in participating in the next phase of the evaluation where we will map out the C2 framework capabilities to ATT&CK, let me know!
Thank You Developers!
Many developers have contributed to these C2 frameworks and they all deserve a big THANK YOU! Your contributions to the community are very much appreciated!!!