C2 Archives - Black Hills Information Security

C2

How-To, Informational C2, command and control, PowerShell Empire, SSH, SSHazam

SSHazam: Hide Your C2 Inside of SSH

Carrie Roberts //* SSHazam is a method of running any C2 tool of your choice inside a standard SSH tunnel to avoid network detections. The examples here involve running PowerShell […]

Read the entire post here

C2, How-To, Red Team C2, C2 over ICMP, command and control, ICMP, Internet Control Message Protocol, Red Team

How To: C2 Over ICMP

Darin Roberts // In previous blogs, I have shown how to get various C2 sessions. In this blog, I will be showing how to do C2 over ICMP. First, what […]

Read the entire post here

C2, Craig Vincent, Red Team C2, command and control, Red Team, WebSockets, WSC2

Command and Control with WebSockets WSC2

Craig Vincent// This all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The […]

Read the entire post here

Author, Beau Bullock, Podcasts C2, command and control

PODCAST: Lee Kagan & Beau Bullock talk C2

Special guest Lee Kagan from RedBlack Security talks about his script, his previous guest posts and the future of C2 with Beau Bullock and Sierra. Check out these links: How […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

C2, How-To C2, command and control, metasploit

C2, C3, Whatever It Takes

Darin Roberts// If you have been in the security field for any length of time at all you have heard the term C2. You might have heard it also called […]

Read the entire post here

C2, External/Internal, General InfoSec Tips & Tricks, How-To, InfoSec 201, InfoSec 301, Red Team, Red Team Tools, Social Engineering C2, C2 Infrastructure, C2K, command and control, Digital Ocean

How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped

Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]

Read the entire post here

C2, Webcasts C2, Python, webcast, webcasts

WEBCAST: Tweets, Beats, and Sheets: C2 over Social Media

Dakota Nelson// The modern internet’s got a lot of places to hide. In this webcast, join Dakota as he shows how you can establish C2 channels and issue commands to […]

Read the entire post here

Author, C2, Joff Thyer, Red Team anti-virus, AV software, C2, easy button, pen-testing, penetration testing, pentest, Pentesting, Symantec, There is NO easy button

A Morning with Cobalt Strike & Symantec

Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here 1 2

Follow Us

Looking For Something?

Browse by category

Select Category Alyssa Snow (7) Ashley Knowles (1) Ashley Van Hoesen (1) Author (400) Backdoors & Breaches (7) Beau Bullock (32) Ben Burkhart (1) Blue Team (99) Blue Team Tools (39) Brian Fehrman (16) Brian Ireland (1) Brian King (20) Bronwen Aker (1) C2 (29) Cameron Cartier (2) Carrie Roberts (5) Chris Traynor (1) CJ Cox (7) Connor Costigan (1) Corey Ham (3) Craig Vincent (2) Dale Hobbs (3) Daniel Pizarro (1) Darin Roberts (1) Dave Blandford (1) David Fletcher (30) David Perez (1) Deb Wigley (1) Debjeet Banerjee (1) Derek Banks (13) Derrick Rauch (1) DFIR (1) DNSTAP (1) Ethan Robish (14) External/Internal (64) Fernando Panizza (1) Finding (9) Fun & Games (62) Gabriel Prud’homme (1) General InfoSec Tips & Tricks (84) GRC (1) Guest Author (6) Hal Denton (3) Hardware Hacking (22) Hayden Covington (3) How-To (244) Hunt Teaming (13) Incident Response (10) Informational (403) InfoSec 101 (269) InfoSec 201 (41) InfoSec 301 (12) Intern (2) Isaac Burton (1) Jack Hyland (1) James Marrs (2) Jason Blanchard (7) Joff Thyer (34) John Malone (3) John Strand (120) Jordan Drysdale (64) Joseph Kingstone (2) Justin Angel (4) Kaitlyn Wimberely (1) Kent Ickler (37) Kevin Klingbile (1) Kiersten Gross (2) Kyle Avery (3) Linux (1) LLMNR (6) Marcello Salvati (1) Matthew Eidelberg (3) Max Boehner (1) Melissa Bruno (3) Michael Allen (7) Mike Felch (15) Mobile (8) moth (3) News (134) Noah Heckman (3) Password Cracking (12) Password Spray (15) Patterson Cake (5) Phishing (27) Physical (15) Podcasts (182) Ralph May (4) Ray Felch (17) Recon (18) Red Team (215) Red Team Tools (92) Robert Schwass (1) Sally Vandeven (1) Sean Verity (3) Serena DiPenti (5) SOC (1) Social Engineering (13) Steve Borosh (7) Terry Reece (1) Tim Fowler (5) Tom Smith (1) Troy Wojewoda (4) Web App (27) Webcast Wrap-Up (3) Webcasts (146) Wireless (13)

Recent Posts

• ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches This blog will be referencing the ICS/OT Backdoors &
• Intro to Data Analytics Using SQL In this video, Ethan Robish discusses the fundamentals
• Finding Access Control Vulnerabilities with Autorize In the most recent revision of the OWASP Top 10,

Browse by topic

Active Directory ADHD anti-virus Attack Tactics AV Azure Beau Bullock BHIS Blue Team bypassing AV C2 Carrie Roberts cloud encryption hacking hardware hacking infosec Joff Thyer john strand Jordan Drysdale Kent Ickler Linux MailSniper Microsoft Nessus passwords password spraying pen-testing penetration testing pentest Pentesting phishing podcast PowerShell Python Raymond Felch Red Team red teaming RITA social engineering Sysmon tools webcast webcasts Windows

Archives

Archives Select Month December 2024 (2) November 2024 (6) October 2024 (7) September 2024 (6) August 2024 (5) July 2024 (3) June 2024 (4) May 2024 (6) April 2024 (4) March 2024 (4) February 2024 (9) January 2024 (8) December 2023 (5) November 2023 (10) October 2023 (6) September 2023 (6) August 2023 (8) July 2023 (5) June 2023 (7) May 2023 (7) April 2023 (8) March 2023 (8) February 2023 (12) January 2023 (7) December 2022 (5) November 2022 (7) October 2022 (21) September 2022 (8) August 2022 (4) July 2022 (4) June 2022 (9) May 2022 (5) April 2022 (3) March 2022 (6) February 2022 (5) January 2022 (4) December 2021 (10) November 2021 (6) October 2021 (4) September 2021 (8) August 2021 (7) July 2021 (10) June 2021 (3) May 2021 (10) April 2021 (8) March 2021 (11) February 2021 (5) January 2021 (5) December 2020 (10) November 2020 (6) October 2020 (4) September 2020 (3) August 2020 (6) July 2020 (5) June 2020 (8) May 2020 (6) April 2020 (9) March 2020 (8) February 2020 (8) January 2020 (7) December 2019 (6) November 2019 (4) October 2019 (7) September 2019 (5) August 2019 (6) July 2019 (2) June 2019 (5) May 2019 (7) April 2019 (1) March 2019 (7) February 2019 (6) January 2019 (6) December 2018 (8) November 2018 (6) October 2018 (6) September 2018 (8) August 2018 (11) July 2018 (12) June 2018 (13) May 2018 (10) April 2018 (9) March 2018 (9) February 2018 (9) January 2018 (7) December 2017 (7) November 2017 (8) October 2017 (9) September 2017 (8) August 2017 (10) July 2017 (9) June 2017 (7) May 2017 (6) April 2017 (8) March 2017 (13) February 2017 (8) January 2017 (12) December 2016 (10) November 2016 (14) October 2016 (11) September 2016 (12) August 2016 (12) July 2016 (12) June 2016 (12) May 2016 (11) April 2016 (12) March 2016 (12) February 2016 (9) January 2016 (8) December 2015 (5) November 2015 (2) October 2015 (2) July 2015 (1) June 2015 (1) April 2015 (1) March 2015 (1)