Mythic C2 Framework
Project URL: https://docs.mythic-c2.net/
Currently, I am working on a project focused on learning and applying Command and Control (C2) framework concepts, particularly Mythic, in pentesting and red team engagements. Mythic is an open-source C2 framework built to emulate adversary activity; it gives an offensive security team the flexibility to emulate an APT in a stealthy manner. The objective of this project is to demonstrate in-depth knowledge of C2 infrastructure, its role in post-exploitation activity, and how it can be used to simulate realistic attack scenarios during a security assessment. In building a Mythic C2 environment and deploying it within a simulated enterprise network, I am focusing on a number of key elements:
- Initial Access and Persistence: Mythic supports multiple modular agents, such as Apollo and Poseidon, which can emulate various payload types to establish footholds on target systems.
- Command Execution and Data Exfiltration: Mythic supports remote command execution on compromised machines, maintaining control of them and covertly exfiltrating sensitive data.
- Defense Evasion: Applying advanced techniques to bypass detection mechanisms such as AV, EDR solutions, and OS-level security features, and using Mythic's covert communication channels over HTTP/S, DNS, and other protocols.
- Situational Awareness and Lateral Movement: Using C2 channels to gather intelligence, escalate privileges, and move laterally across the network while applying evasion techniques.