Difficulty: 6/10
A Command & Control (C2) framework is a persistence mechanism used by attackers, where by implanting an agent (executable) that redirects to a C2 server that the attacker owns, they are able to remotely manage your machine.
Resources
This is an awesome list of C2s: https://github.com/tcostam/awesome-command-control
Vulns
This should go without saying, but these vulns should simulate C2 activity, and not actually exfiltrate data from the machine to a 3rd party. The more C2s you are able to create vulns for, the better! However, there are some especially common ones that you must have:
How to resolve this issue
You can create a fork of the repo, add the desired vulns, and then submit a pull request. Resources explaining how to add vulnerabilities are present in our documentation, slides, and video
Difficulty: 6/10
A Command & Control (C2) framework is a persistence mechanism used by attackers, where by implanting an agent (executable) that redirects to a C2 server that the attacker owns, they are able to remotely manage your machine.
Resources
This is an awesome list of C2s: https://github.com/tcostam/awesome-command-control
Vulns
This should go without saying, but these vulns should simulate C2 activity, and not actually exfiltrate data from the machine to a 3rd party. The more C2s you are able to create vulns for, the better! However, there are some especially common ones that you must have:
How to resolve this issue
You can create a fork of the repo, add the desired vulns, and then submit a pull request. Resources explaining how to add vulnerabilities are present in our documentation, slides, and video