creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-15 15:34:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/building-c2-infrastructure-with-sliver-framework/references/workflows.md
T

73 lines
2.3 KiB
Markdown
Raw Blame History

# Workflows - Sliver C2 Infrastructure
## Infrastructure Deployment Workflow
```
1. Planning Phase
├── Define engagement scope and authorized targets
├── Select cloud providers for team server and redirectors
├── Register domains for C2 channels (categorized domains preferred)
└── Obtain SSL certificates (Let's Encrypt or purchased)
2. Team Server Setup
├── Deploy VPS with hardened OS configuration
├── Install Sliver server daemon
├── Configure firewall rules (restrict to redirector IPs only)
└── Generate operator configs for team members
3. Redirector Layer
├── Deploy 2+ redirector VPS instances in different regions
├── Configure NGINX reverse proxy on each redirector
├── Implement Apache mod_rewrite rules for traffic filtering
└── Optionally add Cloudflare CDN layer
4. Listener Configuration
├── HTTPS listener (primary) with valid SSL cert
├── DNS listener (fallback) for restricted networks
├── mTLS listener (high-security sessions)
└── WireGuard listener (tunneled access)
5. Implant Generation
├── Generate OS-specific beacons (Windows, Linux, macOS)
├── Configure callback intervals and jitter
├── Test implant connectivity through redirector chain
└── Validate implant evasion against target AV/EDR
6. Operational Use
├── Deploy implant to target via initial access vector
├── Establish C2 session through redirector infrastructure
├── Execute post-exploitation tasks
└── Maintain operational security throughout engagement
```
## Failover and Resilience Workflow
```
Primary C2 Path:
Target → Redirector A → Team Server (HTTPS/443)
Failover Path 1:
Target → Redirector B → Team Server (HTTPS/8443)
Failover Path 2:
Target → DNS Resolver → Team Server (DNS/53)
Emergency Path:
Target → WireGuard Tunnel → Team Server (UDP/51820)
```
## Multi-Operator Workflow
```
1. Team Lead generates operator configs:
sliver-server > new-operator --name <operator> --lhost <server-ip>
2. Distribute .cfg files securely to each operator
3. Operators connect using Sliver client:
sliver-client import <operator-config.cfg>
4. All operators share access to beacons and sessions
5. Use naming conventions for implants per operator
```
Reference in New Issue View Git Blame Copy Permalink