Over the course of 2022, Michael and I have been working on a series discussing the development of a C2, and we've tried to consider both sides, red and blue, throughout the project. The series to date is listed in this post.
- Maelstrom: An Introduction
- Maelstrom: The C2 Architecture
- Maelstrom: Building the Team Server
- Maelstrom: Writing a C2 Implant
- Maelstrom: EDR Kernel Callbacks, Hooks, and Call Stacks
- Maelstrom: Working with AMSI and ETW for Red and Blue
- Maelstrom: Static OpSec Review
The next step for us was to move on to Runtime Analysis, and then into some more specific expansions on previous blogs. However, Mez0 has already summarised 99% of the runtime analysis in Windows Processes, Nefarious Anomalies, And You:
- Windows Processes, Nefarious Anomalies, And You: Memory Regions
- Windows Processes, Nefarious Anomalies, And You: Threads
Moving forward, we may revive the series at some point if we feel the need to, or if suggestions are made via Twitter.
This series was written by: