Command & Control
A command and control (C&C) infrastructure consists of servers and other technical infrastructure used to control malware in general, and, in particular, botnets.
Command and control servers may be either directly controlled by the malware operators, or themselves run on hardware compromised by malware.
Vocabulary
- Listeners are fairly self-explanatory. They listen for a connection and facilitate further exploitation.
- Stagers are essentially payloads generated by Empire to create a robust reverse shell in conjunction with a listener. They are the delivery mechanism for agents.
- Agents are the equivalent of a Metasploit "Session". They are connections to compromised targets, and allow an attacker to further interact with the system.
- Modules are used in conjunction with agents to perform further exploitation. For example, they can work through an existing agent to dump the password hashes from the server.
Tools
- CobaltStrike
- metasploit-framework
- Empire as server & Starkiller as frontend
- PoshC2
- shad0w
- merlin
- Covenant