C2 Matrix Eval Lab
Information about the lab environment used to test C2s for the C2 Matrix
This is the lab environment used to test C2s for the C2 Matrix:
pfSense with 3 interfaces:
- Attackers - LAN Segment
- Victims - LAN Segment
On the Windows victim machine, you should run tools that allow you to understand how the payload and modules work. The easiest to use are Wireshark for network traffic and Sysmon for endpoint detection.
Choose the Ethernet adapter on the victim's LAN segment.
Filter: ip.addr == <attacker ip>
Extract Sysmon to C:\tools\
Download and extract the SwiftOnSecurity Sysmon configuration into C:\tools: https://github.com/SwiftOnSecurity/sysmon-config
From an elevated command prompt:
Sysmon64.exe -accepteula -i sysmonconfig-export.xml
Open Event Viewer and navigate down through: Applications and Services Logs > Microsoft > Windows > Sysmon > Operational
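To line up what Wireshark shows with what Sysmon logged, the following PowerShell script lists Sysmon network connection events (Event ID 3) involving the attacker machine and joins each one to the process creation event (Event ID 1) with the same ProcessGuid. It is an added example, not part of the original lab notes; the default IP is a placeholder and the script and helper names are hypothetical. Run it from an elevated PowerShell prompt.

```powershell
# Added example: correlate Sysmon network connections (Event ID 3) involving
# the attacker IP with the process creation (Event ID 1) behind them.
param(
    [string]$AttackerIp = '192.0.2.10',  # placeholder; set to your attacker VM's IP
    [int]$MaxEvents = 5000               # newest N events to read per event ID
)

$log = 'Microsoft-Windows-Sysmon/Operational'

# Turn a Sysmon event's <EventData> block into a hashtable keyed by field name.
function ConvertTo-SysmonFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# Index process creation events by ProcessGuid for the lookup below.
$procs = @{}
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = ConvertTo-SysmonFields $_
        if ($f.ProcessGuid) { $procs[$f.ProcessGuid] = $f }
    }

# Keep network connections where either endpoint is the attacker machine.
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 3 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        $n = ConvertTo-SysmonFields $_
        if ($n.DestinationIp -eq $AttackerIp -or $n.SourceIp -eq $AttackerIp) {
            # $p is $null when the process started before the retained log window.
            $p = if ($n.ProcessGuid) { $procs[$n.ProcessGuid] }
            [pscustomobject]@{
                UtcTime     = $n.UtcTime
                Image       = $n.Image
                Protocol    = $n.Protocol
                Source      = '{0}:{1}' -f $n.SourceIp, $n.SourcePort
                Destination = '{0}:{1}' -f $n.DestinationIp, $n.DestinationPort
                ParentImage = $p.ParentImage
                CommandLine = $p.CommandLine
            }
        }
    } | Sort-Object UtcTime | Format-List
```

Sysmon records only the events its loaded configuration includes, so a connection visible in Wireshark may have no matching Event ID 3 entry.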