Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions) based on subdomain and content analysis. Restores 11 skills corrupted during prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields. All 754 skills now carry structured mappings for all 5 security frameworks: - MITRE ATT&CK (in tags) - MITRE ATLAS v5.5 (atlas_techniques) - MITRE D3FEND v1.3 (d3fend_techniques) - NIST AI RMF 1.0 (nist_ai_rmf) - NIST CSF 2.0 (nist_csf)
2.2 KiB
name, description, domain, subdomain, tags, version, author, license, nist_csf
| name | description | domain | subdomain | tags | version | author | license | nist_csf | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| performing-red-team-with-covenant | Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener setup, grunt deployment, task execution, and lateral movement tracking. | cybersecurity | red-team |
|
1.0 | mahipal | Apache-2.0 |
|
Performing Red Team Operations with Covenant C2
Overview
Covenant is a collaborative .NET C2 framework for red teamers that provides a Swagger-documented REST API for managing listeners, launchers, grunts (agents), and tasks. This skill covers automating Covenant operations through its API for authorized red team engagements: creating HTTP/HTTPS listeners, generating binary and PowerShell launchers, deploying grunts, executing tasks on compromised hosts, and tracking lateral movement.
When to Use
- When conducting security assessments that involve performing red team with covenant
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing
Prerequisites
- Covenant C2 server deployed (Docker or .NET 6)
- Python 3.9+ with
requestslibrary - Covenant API token (obtained via /api/users/login)
- Written authorization for red team engagement
- Isolated lab or authorized target environment
Steps
Step 1: Authenticate to Covenant API
Obtain a JWT token by posting credentials to /api/users/login endpoint.
Step 2: Create Listener
Configure an HTTP or HTTPS listener with callback URLs and bind address.
Step 3: Generate Launcher
Create a binary, PowerShell, or MSBuild launcher tied to the listener for grunt deployment.
Step 4: Deploy and Manage Grunts
Monitor grunt callbacks, execute tasks, and collect output from compromised hosts.
Step 5: Document Operations
Generate an operations report documenting all actions, timestamps, and findings.
Expected Output
JSON report with listener configuration, active grunts, executed tasks, and task output for engagement documentation.