Command and Control Part 2: Advanced Attack Management
The C2 infrastructure described in Chapter 1 is not fit for anything other than illustrating concepts. Its lack of a proper out-of-band management channel and the ability to handle only one target host at a time are severe, crippling limitations. The always-on SSH connection is also inelegant and lacks stealth.
Adding Stealth and Multiple System Management
In this section, you will add considerable new functionality to make your C2 stealthier, more intelligent, and easier to manage. What is needed for now is the following:
- Beaconing—When the payload is delivered and installed, it should periodically call home (your C2 server) for orders rather than immediately establishing an SSH connection and reverse tunnel.
- Pre-configured command set—An established set of instructions that can be passed to the payload for tasking when it calls home.
- Tunnel management—The C2 server needs to be able to handle multiple simultaneous...
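The beaconing behaviour listed above (a periodic call home on a fixed schedule) is also the pattern a defender hunts for in network logs. As an added example, not code from the book, the following Python check groups outbound connection records by (source, destination) pair and flags pairs whose inter-connection gaps are unusually regular; the connection records are constructed sample data, and the thresholds are assumed values.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound connection records: (timestamp_seconds, src, dst).
# 10.0.0.5 reaches 203.0.113.10 every ~60 s (beacon-like); 10.0.0.7 reaches
# 198.51.100.20 at irregular, browsing-like intervals.
SAMPLE_CONNECTIONS = [
    (0, "10.0.0.5", "203.0.113.10"), (61, "10.0.0.5", "203.0.113.10"),
    (119, "10.0.0.5", "203.0.113.10"), (180, "10.0.0.5", "203.0.113.10"),
    (241, "10.0.0.5", "203.0.113.10"), (299, "10.0.0.5", "203.0.113.10"),
    (5, "10.0.0.7", "198.51.100.20"), (9, "10.0.0.7", "198.51.100.20"),
    (140, "10.0.0.7", "198.51.100.20"), (150, "10.0.0.7", "198.51.100.20"),
    (400, "10.0.0.7", "198.51.100.20"), (402, "10.0.0.7", "198.51.100.20"),
]


def interarrival_stats(connections, min_gaps=3):
    """Per (src, dst) pair, return (mean gap, population std-dev, gap count)
    for the gaps between successive connections; pairs with fewer than
    min_gaps gaps are skipped as too sparse to judge."""
    times = defaultdict(list)
    for ts, src, dst in connections:
        times[(src, dst)].append(ts)
    stats = {}
    for pair, ts_list in times.items():
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if len(gaps) < min_gaps:
            continue
        stats[pair] = (mean(gaps), pstdev(gaps), len(gaps))
    return stats


def find_beacon_candidates(connections, max_cv=0.2):
    """Flag pairs whose gaps have a low coefficient of variation (std-dev / mean).
    Near-constant spacing is what a fixed-interval beacon produces; max_cv is an
    assumed tuning threshold. Returns [((src, dst), mean_gap_seconds), ...]."""
    candidates = []
    for pair, (avg, sd, _n) in interarrival_stats(connections).items():
        if avg > 0 and sd / avg <= max_cv:
            candidates.append((pair, round(avg, 1)))
    return candidates
```

A beacon that randomises its sleep (jitter) raises the coefficient of variation, so in practice the threshold is tuned against a baseline and the result is corroborated with other signals (destination reputation, payload size consistency) rather than used alone.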