
Maelstrom: C2 Development Blog Series | Devious Methods

We wanted to explore how C2s function in 2022, what evasive behaviors are required, and what a minimum viable C2 looks like in a world of sophisticated endpoint protection.

This gave us our goals for this blog series:

- Document the internals of a minimum viable C2:
  * What are the ideas behind popular C2 implementations?
  * What are their goals and objectives?
- Analyse and implement evasive behaviors:
  * What is required to run on a contemporary Windows system?
  * What is required to bypass up-to-date, modern endpoint protection?
- Produce a proof-of-concept C2:
  * What is the minimum viable C2 for an operator in 2022?
  * What is required to detect this minimum viable C2?

Maelstrom: An Introduction
Maelstrom: The C2 Architecture
Maelstrom: Building the Team Server
Maelstrom: Writing a C2 Implant

#maldev #c2