C2 Matrix

Jorge Orchilles
Nov 19

The goal of the C2 Matrix is to document, compare, and contrast C2 frameworks so you can determine which one best fits your needs (based on the adversary you need to emulate and the target environment). Check it out at https://www.thec2matrix.com/

C2 stands for Command and Control. It is how red teamers and penetration testers can control the machines they compromise during ethical hacking engagements. The definition from MITRE ATT&CK is “Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.” [1]

PowerShell Empire was the go-to C2 framework for penetration testers and red teamers. However, the original developers have determined that the goal of the project has been met and have ended support.

On one hand, congratulations.

On the other hand, what do we do now?

The good news is that this is the “Golden Age of C2” and there are many frameworks available. As I started asking around, I found many, many options. Hence we set forth to understand the capabilities of each and document them in a spreadsheet. That spreadsheet grew many columns wide, and a website turned out to be a better way to view it: https://www.thec2matrix.com/

The original source (Google Sheet) is available if you would like to manipulate it yourself: https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/

Make my life easier

To make things even easier, we created a questionnaire to filter out C2 frameworks based on your adversary emulation plan and the target environment. Beta is here: http://ask.thec2matrix.com/

Call to Action

If you are interested in participating in the next phase of the evaluation where we will map out the C2 framework capabilities to ATT&CK, let me know!

Thank You Developers!

Many developers have contributed to these C2 frameworks and they all deserve a big THANK YOU! Your contributions to the community are very much appreciated!!!

References

[1] https://attack.mitre.org/tactics/TA0011/

jorgeorchilles

Ramblings of an InfoSec Pro

Written by Jorge Orchilles

Red Teamer, SANS Author and Instructor, GFMA Pen Test framework, CVSS WG, ISSA Senior, posts are my own
