creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 22:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/building-c2-infrastructure-with-sliver-framework/references/workflows.md
T

2.3 KiB
Raw Blame History

Workflows - Sliver C2 Infrastructure

Infrastructure Deployment Workflow

1. Planning Phase
   ├── Define engagement scope and authorized targets
   ├── Select cloud providers for team server and redirectors
   ├── Register domains for C2 channels (categorized domains preferred)
   └── Obtain SSL certificates (Let's Encrypt or purchased)

2. Team Server Setup
   ├── Deploy VPS with hardened OS configuration
   ├── Install Sliver server daemon
   ├── Configure firewall rules (restrict to redirector IPs only)
   └── Generate operator configs for team members

3. Redirector Layer
   ├── Deploy 2+ redirector VPS instances in different regions
   ├── Configure NGINX reverse proxy on each redirector
   ├── Implement Apache mod_rewrite rules for traffic filtering
   └── Optionally add Cloudflare CDN layer

4. Listener Configuration
   ├── HTTPS listener (primary) with valid SSL cert
   ├── DNS listener (fallback) for restricted networks
   ├── mTLS listener (high-security sessions)
   └── WireGuard listener (tunneled access)

5. Implant Generation
   ├── Generate OS-specific beacons (Windows, Linux, macOS)
   ├── Configure callback intervals and jitter
   ├── Test implant connectivity through redirector chain
   └── Validate implant evasion against target AV/EDR

6. Operational Use
   ├── Deploy implant to target via initial access vector
   ├── Establish C2 session through redirector infrastructure
   ├── Execute post-exploitation tasks
   └── Maintain operational security throughout engagement

Failover and Resilience Workflow

Primary C2 Path:
  Target → Redirector A → Team Server (HTTPS/443)

Failover Path 1:
  Target → Redirector B → Team Server (HTTPS/8443)

Failover Path 2:
  Target → DNS Resolver → Team Server (DNS/53)

Emergency Path:
  Target → WireGuard Tunnel → Team Server (UDP/51820)

Multi-Operator Workflow

1. Team Lead generates operator configs:
   sliver-server > new-operator --name <operator> --lhost <server-ip>

2. Distribute .cfg files securely to each operator

3. Operators connect using Sliver client:
   sliver-client import <operator-config.cfg>

4. All operators share access to beacons and sessions
5. Use naming conventions for implants per operator
Reference in New Issue View Git Blame Copy Permalink