C2 Matrix
Search…
C2 Matrix
The C2 Matrix
SANS Slingshot C2 Matrix VM
Contribute
Lab Infrastructure
C2 Matrix Eval Lab
Basic Lab
Virtual Machines with C2s
Docker
Resources
C2
Caldera
Covenant
Empire
Faction
ibombshell
Koadic
Merlin
Mythic
Nuages
PoshC2
PowerHub
SilentTrinity
Sliver
SCYTHE
TrevorC2
Attack Infrastructure
Resources
Redirectors/Relays
Detection
Basics
Beacons
JA3/JA3S Hashes
JARM
Powered By GitBook
C2 Matrix Eval Lab
Information about lab environment used to test C2s for the C2 Matrix
This is the lab environment used to test C2s for the C2 Matrix:
pfSense with 3 interfaces:
  • WAN
  • Attackers - LAN Segment
  • Victims - LAN Segment

Windows Victim

On the Windows victim machine, you should run tools that allow you to understand how the payload and modules work. The easiest to use are Wireshark for network traffic and Sysmon for endpoint detection.

Wireshark

Download and run Wireshark to see traffic between victim and attacker: https://www.wireshark.org/
Choose the Ethernet adapter on the victim's LAN segment.
Filter: ip.addr == <attacker ip>

Sysmon

Extract it to C:\tools\
Download and extract SwiftOnSecurity sysmon configuration into C:\tools https://github.com/SwiftOnSecurity/sysmon-config
On an elevated command prompt:
1
cd \tools
2
Sysmon64.exe -accepteula -i sysmonconfig-export.xml
Copied!
Open Event Viewer and navigate down through: Applications and Services Logs > Microsoft > Windows > Sysmon > Operational
Previous
Contribute
Next - Lab Infrastructure
Basic Lab
Last modified 2yr ago
Copy link
Contents
Windows Victim
Wireshark
Sysmon