tutorial

Learning Sliver C2 (05) - Transports in Detail: DNS

9 minute read Published:

A post about Sliver's DNS C2 protocol. I'll show how to use beacons compiled with DNS C2 endpoints and briefly touch upon the kind of traffic they generate. In contrast to HTTP C2 traffic though, DNS C2 traffic looks clearly malicious and cannot be modified to make it stealthy. Thus, a very quick look shall suffice. To enable you to try out DNS C2 in a lab, there is also some info DNS server configuration.
Sliver C2 This post is part of a tutorial blog post series on Sliver C2 (v1.5.16). For an overview: click here. Introduction In very restricted environments, your target machine may be unable to establish connections to the Internet directly. The previous post 04 - Transports in Detail: HTTP and HTTPS was about Sliver’s HTTP-based C2 protocols, which may allow to get a C2 callback nevertheless if the target can send HTTP requests out via a proxy.

Learning Sliver C2 (04) - Transports in Detail: HTTP and HTTPS

19 minute read Published:

A post about the HTTP(S) Sliver C2 protocol. I'll show how to use beacons compiled with HTTP C2 endpoints, with a focus on illustrating the traffic these beacons generate. There is also some info on how to modify the traffic such that it looks less like the default. Before diving into the subject matter, there are also instructions for adding a web proxy to the lab setup that is built up iteratively in this series of blog posts.
Sliver C2 This post is part of a tutorial blog post series on Sliver C2 (v1.5.16). For an overview: click here. Introduction This is the second post in a series about Sliver’s C2 protocols. The last one (03 - Transports in Detail: mTLS and WireGuard) was an exploration of the two most recommended and easy-to-use protocols mTLS and WireGuard. However, not all environments allow establishing such connections to your C2 infrastructure.

Learning Sliver C2 (03) - Transports in Detail: mTLS and WireGuard

11 minute read Published:

A post about two of the four Sliver C2 protocols: mutual TLS (mTLS) and WireGuard. I'll show how to use sessions and beacons with these protocols. Using Wireshark, you will also see what kind of traffic could be observed when you deploy such implants. Like in the previous Sliver-related posts, a couple of instructions for additional lab setup are included. I'll add a DNS server to make the traffic look more realistic.
Sliver C2 This post is part of a tutorial blog post series on Sliver C2 (v1.5.16). For an overview: click here. Introduction After discussing Sliver beacon and session implants in general in 02 - Beacons and Sessions, I’ll now have a more detailed look at the four different C2 protocols you can choose from. This post covers the first two of them, which are mutual TLS (mTLS) and WireGuard. Both are strongly recommended in the official Getting Started Guide.

Learning Sliver C2 (02) - Beacons and Sessions

14 minute read Published:

This post is about how to use Sliver implants (C2 agents) to remote-control target computers from a Sliver C2 server. I'll showcase both the session mode, which establishes an interactive session with immediate command execution and feedback, and the beacon mode, which makes the implant connect back and fetch jobs in regular intervals. To make following along easy, some instructions on lab setup are included.
Sliver C2 This post is part of a tutorial blog post series on Sliver C2 (v1.5.16). For an overview: click here. Introduction This post demonstrates how to use so-called implants to remote-control a target machine from a Sliver C2 server. It is a follow-up to the previous one on Sliver C2 server installation (01 - Installation). To get familiar with the basics of Sliver, we’ll now add a (Windows) target machine to the setup.

Learning Sliver C2 (01) - Tutorial / Installation

8 minute read Published:

This post is about how to install the Sliver C2 framework from BishopFox on a blank Kali Linux server. It is meant as the kickoff post for a series of tutorial posts on how to use Sliver, but targeting beginner users rather than experienced red team veterans.
Sliver C2 Introduction Recently, I developed some interest into red teaming and wanted to try out a few things. As you might know, all of that is no fun without a command and control (C2) framework. Unfortunately, most of the well-known ones are terribly expensive (Cobalt Strike or SCYTHE). Not good for a few personal experiments at home. Fortunately though, there are plenty of open source solution out there. Check out the C2 matrix and you get more choices than you can handle.