Hi, this will be a short one. But I must put down in words what my thoughts are about the C2 tests that I have been doing for some time now. Not so hard to set up and get running. If you want to play around, there are some really good blog posts out there to get you up and running.
Go back in the blog and you will find the tests that I have been doing.
I really wanted to try out Cobalt Strike, but when I was in contact with them it became too much money. I do this in my free time and do not have the funds to buy stuff to try out.
In my tests I really liked SILENTTRINITY and Covenant, easy to implement and get up and running.
Obfuscation of payloads and evading AV is hard. I think, but I have not decided yet, that evading AV is my next posting.
To get started and burn some really nice hours please go to.
Rogers 10 commandments words
- Use any AV on your desktop. Defender is really good at stopping bad things
- Do NOT be Administrator on your local machine
- Implement LAPS (if it is possible)
- Tell your IT guy/girl if you see something suspicious or if you press the wrong link. (It's not embarrassing)
- Do some "lite" IT-Security training. There is a lot of free stuff out there. It is about getting security into our minds. I know it is not fun but it is necessary. (See above link)
- Update your OS and applications often!
- Use password managers. There is a lot of freeware if you do not wanna pay
- Implement MFA on everything.
- Backup, Backup and Backup
- Have fun! Life is too short
That was all from me this time!