Development and operations a practical guide
Download 4.62 Mb. View original pdf
|
- Navigate this page:
- Interactive (Tier 3)
| C2 Tiers Designing a robust C infrastructure involves creating multiple layers of Command and Control. These can be described as tiers. Each tier offers a level of capability and covertness. The idea of using multiple tiers is the same as not putting all your eggs in one basket. If C is detected and blocked, having a backup will allow operations to continue. C tiers generally fall into three categories Interactive, Short Haul, and Long Haul. These are sometimes labeled as Tier 1, 2, or There is nothing unique to each tier other than how they are used, and the deployment of redirectors is independent of the C tier. The general rules to maintain multiple tiers are: ● Maintain discipline in each tier, and use it only for its intended purpose ● Only pass or establish new sessions down Long Haul can pass only to Short Haul or Interactive Short can pass to Interactive Interactive can pass only to other interactive sessions ● For each tier, use a different profile—communication type, ports, protocols, callback times, etc. Slow down callback time when not in use Of course, there are exceptions to these rules. A Red Team must be flexible to achieve goals. If a rule is violated, be aware of the exposure risks before performing an action. For example, say that a Long Haul server dies after it is initially established. A Short or Interactive tier maybe needed to reestablish the Long Haul. Tiers and Their Uses Interactive (Tier 3) ● Used for general commands, enumeration, scanning, data exfiltration, etc. ● This tier has the most interaction and is at the greatest risk of exposure ● Plan to lose access from communication failure, agent failure, or Blue Team actions ● Run enough interactive sessions to maintain access (Although interactive, this doesn’t mean blasting the client with packets. Use good judgment to minimize interaction to just enough to perform an action Download 4.62 Mb. Share with your friends:
|