# C2 Framework

## What is a C2 Framework?

C2 is the acronym for Command and Control (C&C can also be used).

A C2 Framework is a collection of tools and tactics used by attackers (red teamers here) to keep in touch with compromised devices after the initial exploitation. Although the capabilities differ widely across frameworks, a C2 typically includes one or more covert communication channels between exploited devices (the VMs from the homelab) and a platform controlled by the attacker (the Windows host).

These channels are used to send commands to the infected devices, download further malicious payloads, pivot in the network and exfiltrate stolen data back to the attacker.

### Choice of a C2 Framework

Here I'm going to use two different ones:

* [Cobalt Strike](https://www.cobaltstrike.com/), a commercial framework (the one most often used professionally)
* [Covenant](https://github.com/cobbr/Covenant), a collaborative .NET C2 framework for red teamers

I still encourage you to explore the other ones or even develop your own.

A good reference for choosing your C2 is the [C2 Matrix project](https://www.thec2matrix.com/matrix). Its goal is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment.

### C2 Introduction

First, I recommend going through these two resources:

{% tabs %}
{% tab title="Cobalt Strike" %}
{% embed url="<https://www.youtube.com/playlist?list=PL9HO6M_MU2nfQ4kHSCzAQMqxQxH47d1no>" %}
Video playlist to learn Cobalt Strike basics
{% endembed %}
{% endtab %}

{% tab title="Covenant" %}
{% embed url="<https://www.youtube.com/watch?v=oN_0pPI6TYU>" %}
Video to learn Covenant basics
{% endembed %}
{% endtab %}
{% endtabs %}

### C2 Installation

{% tabs %}
{% tab title="Cobalt Strike" %}
{% embed url="<https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/install_intro.htm>" %}
{% endtab %}

{% tab title="Covenant" %}
{% embed url="<https://github.com/cobbr/Covenant/wiki/Installation-And-Startup>" %}
{% endtab %}
{% endtabs %}

