Keeping my C2 server anonymous, how can I do this?

[kitsunefx]

Hi,

I've got a CobaltStrike C2 set up and I want to know what's the best way to keep it anonymous so nobody can track it down, how would I do this?
I'm quite new so please forgive me if this is a dumb question.

All advice helpful

 

[kitsunefx]

HTTPS?

the target would still know the ip though

 

[pylypx64]

Look for DNS Tunneling

 

[kitsunefx]

Look for DNS Tunneling

do you have any resources/guides for this?

 

[pylypx64]

do you have any resources/guides for this?

sorry, I don't

 

[Lipshitz]

Google about this and you will find plenty, there is a full course on YouTube from the creator and it is one of the most well documented tools out there (for us and blues). You need to learn to do research if you seriously want to pursue this kind of job though.

 

[kitsunefx]

Google about this and you will find plenty, there is a full course on YouTube from the creator and it is one of the most well documented tools out there (for us and blues). You need to learn to do research if you seriously want to pursue this kind of job though.

yeah, i'll try
thanks for your advice

 

[loftkit]

I suggest you watch these videos by the Cobalt Strike creator it goes over operations, infrastructure, c2, weaponization, initial access, post exploitation, privilege escalation, lateral movement, and pivoting.

Operations

Infrastructure

C2

Weaponization

Initial Access

Post Exploitation

Privilege Escalation

Lateral Movement

Pivoting

You can find much more videos and blogs going more in depth with cobalt strike.

 

[kitsunefx]

Look for DNS Tunneling

just had a look at this, wouldn't the ip be revealed in the dns record?

 

[kitsunefx]

I suggest you watch these videos by the Cobalt Strike creator it goes over operations, infrastructure, c2, weaponization, initial access, post exploitation, privilege escalation, lateral movement, and pivoting.

Operations

Infrastructure

C2

Weaponization

Initial Access

Post Exploitation

Privilege Escalation

Lateral Movement

Pivoting

You can find much more videos and blogs going more in depth with cobalt strike.

thanks for these, i'll definitely check them out

 

[loftkit]

thanks for these, i'll definitely check them out

no problem I wish you the best ))

 

[r_as]

fast flux? у вас домен С2?

 

[kitsunefx]

fast flux? у вас домен С2?

я могу получить один, если необходимо

 

[busterclock]

fast flux? у вас домен С2?

I find this to be an excellent idea even if fastflux servers may be quite more expensive compared to other servers.

 

[r1z]

Hi,

I've got a CobaltStrike C2 set up and I want to know what's the best way to keep it anonymous so nobody can track it down, how would I do this?
I'm quite new so please forgive me if this is a dumb question.

All advice helpful

I have this tutorial in my to-do this month, keep tunned

 

[kitsunefx]

I have this tutorial in my to-do this month, keep tunned

can't wait for that!

 

[forgehelm]

Have you tried TOR fronting?

https://medium.com/@vysec.private/tor-fronting-utilising-hidden-services-to-hide-attack-infrastructure-2761ae19031ehttps://medium.com/@vysec.private/tor-fronting-utilising-hidden-services-to-hide-attack-infrastructure-2761ae19031e

 

[kitsunefx]

Have you tried TOR fronting?

https://medium.com/@vysec.private/tor-fronting-utilising-hidden-services-to-hide-attack-infrastructure-2761ae19031ehttps://medium.com/@vysec.private/tor-fronting-utilising-hidden-services-to-hide-attack-infrastructure-2761ae19031e

i'm not sure if this would work if the target network blocks tor or tor2web services