Redirectors/Relays

"It’s 2021, disable staging and don’t expose C2 server ports directly to the internet" - @HackingLZ

A redirector or a relay is a network widget that listens for incoming connections and forwards them to another host or port. This is an operational security best practice so that you never expose your Command and Control (C2) server to everyone on the Internet. Instead, your payload should be configured to connect to the redirector/relay so that anyone looking at the network connections sees the redirector/relay and not your C2 server. If a defender/Blue Team blocks your redirector, your C2 server is still accessible.

A lot has been written about redirectors. Here are a few references:

Last updated