Maelstrom: A C2 Series
Maelstrom was a series of blog posts michaeljranaldo and I put together to go over the internals of a C2 and implant development. Our goal was not to completely arm offensive individuals, but to make an attempt at detailing the internals so that we could get more granular detections too.
$ open --where=pre.empt.blog
# full series, 7 parts on C2 internals and implant dev
→ Maelstrom 1: An Introduction
→ Maelstrom 2: The C2 Architecture
→ Maelstrom 3: Building the Team Server
→ Maelstrom 4: Writing a C2 Implant
→ Maelstrom 5: EDR, Kernel Callbacks, Hooks, and Call Stacks
→ Maelstrom 6: Working with AMSI and ETW for Red and Blue
→ Maelstrom 7: Static OPSEC Review