- Add validated mitre_attack frontmatter to all 754 skills (286 distinct
techniques), verified against MITRE ATT&CK v19.1 via the official
mitreattack-python library: 0 revoked, deprecated, or invalid IDs
- Curate precise per-skill technique IDs for forensics, malware-analysis,
threat-intel, and red-team skills (e.g. DCSync -> T1003.006,
Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003)
- Reconcile v19.1 tactic restructuring: Defense Evasion split into
Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.*
family and T1070.001/.002 remapped to active equivalents (T1685.*)
- Normalize word-split tags across 35 skills (remove filename-derived
stopword tags, add semantic cybersecurity tags)
- Add api-reference.md for 3 skills that were missing it
- Update README ATT&CK section with accurate v19.1 tactic distribution
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
cybersecurity
red-teaming
red-team
c2-framework
sliver
command-and-control
adversary-simulation
infrastructure
post-exploitation
1.0
mahipal
Apache-2.0
File Metadata Consistency Validation
Certificate Analysis
Application Protocol Command Analysis
Content Format Conversion
File Content Analysis
ID.RA-01
GV.OV-02
DE.AE-07
T1071.001
T1071.004
T1573.002
T1090.002
T1105
T1572
Building C2 Infrastructure with Sliver Framework
Overview
Sliver is an open-source, cross-platform adversary emulation framework developed by BishopFox, written in Go. It provides red teams with implant generation, multi-protocol C2 channels (mTLS, HTTP/S, DNS, WireGuard), multi-operator support, and extensive post-exploitation capabilities. Sliver supports beacon (asynchronous) and session (interactive) modes, making it suitable for both long-haul operations and interactive exploitation. A properly architected Sliver infrastructure uses redirectors, domain fronting, and HTTPS certificates to maintain operational resilience and avoid detection.
When to Use
When deploying or configuring building c2 infrastructure with sliver framework capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation
Prerequisites
Familiarity with red teaming concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities
Objectives
Deploy a Sliver team server on hardened cloud infrastructure
Configure HTTPS, mTLS, DNS, and WireGuard listeners
Generate implants (beacons and sessions) for target platforms
Set up NGINX or Apache redirectors between implants and the team server
Implement Cloudflare or CDN-based domain fronting for traffic obfuscation
Configure multi-operator access with certificate-based authentication
Establish operational security controls for C2 communications
MITRE ATT&CK Mapping
T1071.001 - Application Layer Protocol: Web Protocols