It is the golden age of Command and Control (C2) frameworks. The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment. Take a look at the matrix or use the questionnaire to determine which fits your needs.


Jorge Orchilles is a SANS Principal Instructor, Author, and Red Team and Purple Team Ambassador; he is the project lead of the C2 Matrix and contributor to MITRE ATT&CK and Atomic Red Team. He is co-author of SANS Security 565: Red Team Operations and Adversary Emulation, the Purple Team Exercise Framework (PTEF), CVSSv3, and a threat-led penetration testing framework; ISSA Fellow; NSI Technologist Fellow; and previously served on the Board of Directors of the ISSA South Florida Chapter for 10 years. Prior, Jorge ran the offensive security team at Citigroup. Jorge is a published author and holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science respectively.

Bryson Bort is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.

Adam Mashinchi is the Principal Product Manager for Managed Detection and response at Red Canary, where he manages the strategy, roadmap, and development of the MDR solution. Before Red Canary, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on adversary emulation and usable encryption at a global scale, leading numerous technical integration projects with a variety of partners and services.

Last updated