C2 Matrix Eval Lab

Information about the lab environment used to test C2s for the C2 Matrix

This is the lab environment used to test C2s for the C2 Matrix:

pfSense with 3 interfaces:

  • WAN
  • Attackers - LAN Segment
  • Victims - LAN Segment

Windows Victim

On the Windows victim machine, run tools that let you understand how the payload and its modules behave. The easiest to use are Wireshark for network traffic and Sysmon for endpoint telemetry.

Wireshark

Download and run Wireshark to see traffic between victim and attacker: https://www.wireshark.org/

Choose the Ethernet adapter on the victim's LAN segment.

Display filter: ip.addr == <attacker ip>

Sysmon

Download Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

Extract it to C:\tools\

Download and extract the SwiftOnSecurity Sysmon configuration into C:\tools: https://github.com/SwiftOnSecurity/sysmon-config

From an elevated command prompt, install Sysmon using that configuration.

Open Event Viewer and navigate to: Applications and Services Logs > Microsoft > Windows > Sysmon > Operational
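The Sysmon steps above, scripted end to end, as an added example that is not part of the C2 Matrix page: it installs (or re-configures) Sysmon with the extracted configuration and then pulls network-connection events (Sysmon Event ID 3) whose destination is the attacker host, which is the quickest way to see which process the payload uses to talk back to the C2 server. It assumes the files were extracted to C:\tools as described, that the configuration file keeps the name used in the SwiftOnSecurity repository (sysmonconfig-export.xml), and that the attacker IP passed in is the address of your C2 server on the Attackers segment (the default below is a constructed placeholder).

```powershell
# Added example for the C2 Matrix eval lab (not the project's own code).
# Assumptions: Sysmon64.exe and the SwiftOnSecurity config are in C:\tools,
# the config is named sysmonconfig-export.xml, and $AttackerIp is your C2 host.
#Requires -RunAsAdministrator
param(
    [string]$ToolsDir   = 'C:\tools',
    [string]$ConfigFile = 'sysmonconfig-export.xml',
    [string]$AttackerIp = '192.168.56.10'   # constructed placeholder, replace with your C2 IP
)

$sysmon = Join-Path $ToolsDir 'Sysmon64.exe'
$config = Join-Path $ToolsDir $ConfigFile

if (-not (Test-Path $sysmon)) { throw "Sysmon64.exe not found in $ToolsDir" }
if (-not (Test-Path $config)) { throw "Config $config not found" }

# First run: -accepteula -i installs the driver and service with the given rules.
# Later runs: -c swaps in an updated configuration without reinstalling.
if (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue) {
    & $sysmon -c $config
} else {
    & $sysmon -accepteula -i $config
}

# Sysmon writes to Microsoft-Windows-Sysmon/Operational, the log the Event Viewer
# path on the page points at. Event ID 3 is a network connection.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 3
} -ErrorAction SilentlyContinue

# Each event's fields live as <Data Name="...">value</Data> elements; flatten them
# into a hashtable and keep only connections whose destination is the C2 host.
foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    if ($data['DestinationIp'] -eq $AttackerIp) {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            Image      = $data['Image']        # the process that made the connection
            ProcessId  = $data['ProcessId']
            Protocol   = $data['Protocol']
            SourcePort = $data['SourcePort']
            DestPort   = $data['DestinationPort']
        }
    }
}
```

Run it from an elevated PowerShell prompt, e.g. `.\sysmon-lab.ps1 -AttackerIp 10.0.20.5` (constructed value). Because the SwiftOnSecurity rules filter out a lot of benign noise, the output is usually short enough to correlate directly with the Wireshark capture filtered on the same attacker IP.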

Additional reading: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
