Command and Control (C2) hunting resources

This repository collects resources on identifying command and control (C2) infrastructure using free and semi-free open platforms, to help sharpen incident detection and response skills.
- [Shodan](https://www.shodan.io/)
- [Fofa](https://en.fofa.info/)
- [Censys](https://search.censys.io/)
- [Hunting Sliver C2 Infrastructure using Censys](https://twitter.com/MichalKoczwara/status/1591326977457258497)
- [Hunting Cobalt Strike with Shodan](https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2)
- [Hunting Supershell C2](https://twitter.com/nahamike01/status/1643906047583879168)
- [Hunting Titan Stealer](https://twitter.com/ShilpeshTrivedi/status/1661299816436203525)
- [Vidar C2 Tracking](https://twitter.com/crep1x/status/1722660214669730107)
- [Hunting Sliver C2 with Shodan](https://twitter.com/MichalKoczwara/status/1580683916939530240)
- [C2 capture with regex signatures and TLS certificates](https://twitter.com/embee_research/status/1729031520072212521)
- [C2 Beaconing at scale in the modern age](https://www.sans.org/presentations/hunting-c2-beaconing-at-scale-in-the-modern-age/)
- [Hunting C2 with Shodan](https://michaelkoczwara.medium.com/hunting-c2-with-shodan-223ca250d06f)
- [Hunting Cobalt Strike Servers](https://bank-security.medium.com/hunting-cobalt-strike-servers-385c5bedda7b)
- [Cobalt Strike Hunting — simple PCAP and Beacon Analysis](https://michaelkoczwara.medium.com/cobalt-strike-hunting-simple-pcap-and-beacon-analysis-f51c36ce6811)
- [Guide to Named Pipes and Hunting for Cobalt Strike Pipes](https://svch0st.medium.com/guide-to-named-pipes-and-hunting-for-cobalt-strike-pipes-dc46b2c5f575)
- [Hunting Chinese Kuluoz C2 Servers](https://medium.com/@hackbynight/hunting-chinese-kuluoz-c2-servers-db084fcb3d7c)
- [Discovering C2 IPs Through Shodan?](https://infosecwriteups.com/discovering-c2-ips-through-shodan-5e512b0a99cb)
- [Detecting Sliver C2 framework with Wazuh](https://wazuh.com/blog/detecting-sliver-c2-framework-with-wazuh/)
- [Pivoting from VirusTotal to Shodan and uncovering all threat actor infra](https://twitter.com/MichalKoczwara/status/1652067563545800705)
- [Using AlienVault OTX to find over 10,000 exposed C2](https://otx.alienvault.com/browse/global/indicators?include_inactive=0&sort=-modified&page=1&limit=10&type=domain&indicatorsSearch=role:%22command_and_control%22%20c2)
- [Continuous C2 hunting with Censys, Shodan, Onyphe and TheHive](https://hackmd.io/@ninoseki/SkUaSrqoE?type=view)
- [Twitter profile to find C2 diaries](https://twitter.com/drb_ra)
- [Detecting and decrypting Sliver C2 – a threat hunter’s guide](https://www.immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/)
- [Hunting C2 Beaconing at Scale in the Modern Age (video)](https://www.youtube.com/watch?v=UsDqAQs9WFQ)
- [How to Find Malware C2 Panels](https://www.youtube.com/watch?v=5a-wajRy-jc)
- [C2 Server Hunting: Empowering Threat Intelligence with Nuclei Templates](https://blog.projectdiscovery.io/hunting-c2-servers/)
- [Identifying and hunting PowerShell Empire C2 and Mimikatz Activity with QRadar](https://www.youtube.com/watch?v=WJeHPhi2N3U)
- [Hunting C2s with Nuclei](https://axelarator.github.io/posts/hunt/)
- [Investigate C2 with Brim (TryHackMe room)](https://tryhackme.com/room/brim)
- [Tempest incident (TryHackMe room): investigate a workstation affected by a full attack chain](https://tryhackme.com/room/tempestincident)
- [Hunting C2 Beaconing at Scale in the Modern Age (slides, PDF)](https://github.com/Cyb3r-Monk/ACCD/blob/main/Hunting%20C2%20Beaconing%20at%20Scale%20in%20the%20Modern%20Age.pdf)