C2 Redirectors Part.1

Red Team Redirectors Guide

Introduction

This guide explores the concept, implementation, and operational security benefits of using redirectors in red team engagements. Redirectors are pivotal in obscuring the point of origin of attacks, thereby shielding critical infrastructure and complicating the efforts of blue team defenders and threat hunters.

Chapter 1: Understanding Redirectors

1.1 What is a Redirector?

A redirector functions as a proxy that listens for incoming connections and forwards them to a specified host and port. This technique is crucial for protecting the location of your Command and Control (C2) servers by ensuring that only the redirector's IP is exposed to potential defenders.

1.2 Why Use Redirectors?

  • Operational Security (OpSec): Redirectors enhance operational security by masking the traffic's origin, making it harder for defenders to trace back to the C2 server.

  • Flexibility: Redirectors allow for dynamic changes in infrastructure without altering the implant or the core C2 server.

  • Resilience: If a redirector is detected and blocked, new ones can be easily set up without compromising the C2 server.

Chapter 2: Configuring Redirectors

2.1 Basic Configuration

Example of a simple redirector setup:

  • C2 Server: Kali Linux at 1.1.1.1

  • Redirector: Ubuntu server at 1.1.1.2

  • Target: Windows 11 at 1.2.2.2

Steps:

  1. Kali Linux (C2 Server):

    • Configure the listener for the C2 agent to connect back to the redirector’s IP and designated port (e.g., 443 for HTTPS).

  2. Ubuntu (Redirector):

    • Use socat to forward incoming traffic:

      sudo socat TCP4-LISTEN:443,fork TCP4:1.1.1.1:443

    • This command makes the Ubuntu server listen on port 443 and forward all connections to the C2 server.

  3. Target Machine:

    • Execute the agent. The traffic from this machine will appear to be directed only to the redirector.
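The socat relay in step 2 forwards raw TCP, so the TLS session still terminates on the C2 server, and the redirector host itself shows a characteristic pattern to anyone reviewing flow logs: every inbound session on port 443 is followed within a fraction of a second by an outbound session to the same port on a single upstream. The following script is an added example, not part of the original guide; it runs that correlation over constructed flow records (the 1.1.1.x addresses are the guide's lab values, the 203.0.113.x clients and 198.51.100.x hosts are made up) and reports which host is relaying to which upstream.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float   # session start time in seconds (constructed)
    src: str    # initiating address
    dst: str    # server address
    dport: int  # server port


def find_forwarders(flows, window=2.0, min_sessions=3, min_ratio=0.8):
    """Map host -> (upstream, port) for hosts whose inbound sessions on a port are
    each followed within `window` seconds by an outbound session to one upstream."""
    inbound = defaultdict(list)   # (host, port) -> sessions accepted by host
    outbound = defaultdict(list)  # (host, port) -> sessions started by host
    for f in flows:
        inbound[(f.dst, f.dport)].append(f)
        outbound[(f.src, f.dport)].append(f)
    found = {}
    for (host, port), ins in inbound.items():
        outs = sorted(outbound.get((host, port), []), key=lambda f: f.ts)
        used, upstreams = set(), Counter()
        for i in ins:
            # Pair the inbound session with the earliest unused outbound one in the window.
            for n, o in enumerate(outs):
                if n not in used and i.ts <= o.ts <= i.ts + window:
                    used.add(n)
                    upstreams[o.dst] += 1
                    break
        if upstreams:
            upstream, count = upstreams.most_common(1)[0]
            if count >= min_sessions and count / len(ins) >= min_ratio:
                found[host] = (upstream, port)
    return found


# Constructed flow records: clients reach the redirector 1.1.1.2:443, which relays
# each session to the C2 at 1.1.1.1:443; 198.51.100.5 is an ordinary web server.
SAMPLE_FLOWS = [
    Flow(100.0, "203.0.113.10", "1.1.1.2", 443), Flow(100.2, "1.1.1.2", "1.1.1.1", 443),
    Flow(130.0, "203.0.113.11", "1.1.1.2", 443), Flow(130.3, "1.1.1.2", "1.1.1.1", 443),
    Flow(160.0, "203.0.113.12", "1.1.1.2", 443), Flow(160.1, "1.1.1.2", "1.1.1.1", 443),
    Flow(190.0, "203.0.113.13", "1.1.1.2", 443), Flow(190.4, "1.1.1.2", "1.1.1.1", 443),
    Flow(500.0, "1.1.1.2", "198.51.100.9", 443),       # unrelated outbound session
    Flow(210.0, "203.0.113.20", "198.51.100.5", 443),  # normal web server traffic
    Flow(210.5, "198.51.100.5", "198.51.100.9", 443),  # one back-end call, below threshold
    Flow(240.0, "203.0.113.21", "198.51.100.5", 443),
    Flow(270.0, "203.0.113.22", "198.51.100.5", 443),
]
```

Calling find_forwarders(SAMPLE_FLOWS) returns {'1.1.1.2': ('1.1.1.1', 443)}; the window and ratio thresholds keep a web server that makes an occasional back-end call of its own from being flagged.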

2.2 Advanced Techniques

  • Domain Fronting: Utilize legitimate domain names to camouflage C2 traffic.

  • SSL/TLS Bumping: Encrypt traffic between the redirector and C2 to prevent content inspection.

  • Balancing Load Among Multiple Redirectors: Use DNS round-robin or other load balancing techniques to distribute traffic among multiple redirectors.

Chapter 3: Tools and Resources

3.1 Socat

A versatile utility that allows for complex forwarding setups, including TCP and UDP traffic.

3.2 Cloudflare Configuration

Leveraging Cloudflare can provide additional anonymity and security features. More details can be found in the following articles:

  • Configuring Cloudflare for Redirection

  • Advanced Redirection Techniques

3.3 Redirect Rules

An essential tool for managing complex redirector setups, allowing for flexible traffic management based on rules:

  • Redirect Rules Tool

Conclusion

Redirectors are a foundational element of sophisticated red team operations, providing both security and resilience to your C2 infrastructure. By effectively using redirectors, teams can maintain the upper hand in engagements by staying hidden and adaptable.

Last updated 9 months ago