Attack infrastructures¶
For the better part of the last two decades the undefeated champion of C2 and post-exploitation frameworks was the Metasploit Framework, but the tool's default settings (stock payloads, encoders and executable templates) have been flagged by every Windows security product since 2007, so an unmodified payload is recognised on sight. For hacking Linux systems and older Windows systems it can still be a good choice.
Some of its Windows exploits are still useful. Silent Trinity, deployed as part of an attack infrastructure defined as code (IaC), may offer a good alternative for Windows 10 and later, at least for now.
Metasploit is not the only way to use exploits: you can download exploits from exploit database sites, modify existing exploits so that they bypass security controls (the published form is usually the one that is signatured), or write new exploits from scratch.
Counter moves¶
Resilient attacker infrastructure keeps C2 reachable as nodes get burned: redirectors in front of the team server, spare domains, and the ability to swap out a burned node without losing the implants. From the defensive side the counter is C2 detection, destination baselining and reputation. Seen from the attacker's side, this sits in the blue notes on plausibility as cover.
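What destination baselining and C2 detection look like in practice, as an added example that is not code from this note nor from any of the tools it names: a constructed proxy log is parsed, destinations never seen in a baseline window are listed, and host/destination pairs that are contacted at near-constant intervals are scored as beacon candidates. The log format, host names, baseline set and thresholds are all assumptions made for the example.

```python
"""Destination baselining plus beacon-regularity scoring over constructed proxy
log lines. Added illustration for the note above; not code from any C2
framework or product it mentions. Log format, hosts and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed log lines: "<ISO-8601 UTC> <source host> <destination FQDN> <bytes>".
# ws01 contacts files.example-hosting.io roughly every 60 s (beacon-like);
# ws02 polls mail.example.com every 5 min (regular, but a known destination).
SAMPLE_LOG = """\
2024-03-01T09:00:00Z ws01 updates.example.com 2048
2024-03-01T09:00:00Z ws01 cdn.example.net 5120
2024-03-01T09:00:00Z ws02 mail.example.com 900
2024-03-01T09:00:58Z ws01 files.example-hosting.io 512
2024-03-01T09:01:59Z ws01 files.example-hosting.io 530
2024-03-01T09:02:30Z ws01 updates.example.com 1024
2024-03-01T09:03:00Z ws01 files.example-hosting.io 498
2024-03-01T09:03:58Z ws01 files.example-hosting.io 515
2024-03-01T09:04:00Z ws01 cdn.example.net 7300
2024-03-01T09:05:00Z ws02 mail.example.com 880
2024-03-01T09:05:01Z ws01 files.example-hosting.io 507
2024-03-01T09:07:15Z ws01 updates.example.com 3100
2024-03-01T09:08:00Z ws01 updates.example.com 640
2024-03-01T09:10:00Z ws02 mail.example.com 910
2024-03-01T09:15:00Z ws02 mail.example.com 895
2024-03-01T09:20:00Z ws02 mail.example.com 905
"""

# Constructed baseline: destinations the fleet was seen talking to in a prior window.
BASELINE = {"updates.example.com", "cdn.example.net", "mail.example.com"}


def parse_log(text):
    """Return a list of (timestamp, host, dest, bytes) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest, size = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, host, dest, int(size)))
    return sorted(events)


def new_destinations(events, baseline):
    """Destinations present in the events but never seen in the baseline window."""
    return sorted({dest for _, _, dest, _ in events if dest not in baseline})


def beacon_candidates(events, min_hits=4, max_cv=0.10):
    """(host, dest) pairs contacted at least min_hits times at near-constant
    intervals. Regularity is the coefficient of variation (stdev / mean) of the
    gaps between consecutive connections; a low value means little jitter."""
    by_pair = defaultdict(list)
    for when, host, dest, _ in events:
        by_pair[(host, dest)].append(when)
    found = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            found[pair] = (round(avg, 1), round(cv, 3))
    return found


def suspicious_pairs(events, baseline):
    """Beacon-like pairs whose destination is also outside the baseline.
    Regularity alone also flags the mail poller; baselining removes it."""
    unknown = set(new_destinations(events, baseline))
    return {pair: stats for pair, stats in beacon_candidates(events).items()
            if pair[1] in unknown}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("new destinations:", new_destinations(evs, BASELINE))
    print("regular contact:", beacon_candidates(evs))
    print("suspicious:", suspicious_pairs(evs, BASELINE))
```

Neither signal is a verdict on its own: the mail client polls just as regularly as the implant, and a new destination may be a legitimate new SaaS vendor. Layering the two, and adding reputation on the destination, is what makes the hit worth an analyst's time; an attacker who reads the same note will add jitter and front the team server with a domain that is already in your baseline.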