Introduction

Command and Control (C2) of software implants is a fundamental part of any Red Team operation. Over the years, there has been a proliferation of C2 frameworks to aid with the task of setting up and controlling software implants in a target environment. These include names like Empire, Cobalt Strike, Covenant, Merlin, Mythic, SILENTTRINITY, PoshC2, Sliver and many more. The list has grown so large that there is a dedicated effort to track the number of C2 frameworks released called C2 Matrix. As a student of adversary tactics, it's an incredible time to learn from these frameworks and identify the qualities of a good implant. With the abundance of blog posts and conference talks on the topic of C2, it's an even better time to try your hand at building a C2 framework of your own. Knowing how the foundations of these C2 frameworks are built will arm you with the skills necessary to customize available tools for your own needs or have the benefit of a custom solution that is unknown to AV/EDR vendors. That foundational knowledge of C2 frameworks and implants is what this book aims to provide.

Looking at the list of open source C2 software, the most popular programming languages tend to be C#, Python, PowerShell and Go. The language of C++ is starting to see a slight bump, but at the time of writing this book, there is not a lot of representation and it's more difficult to find resources on the subject of writing a C2 implant in C++. There are several advantages to learning how to write a C2 implant in C++, the biggest ones being that it allows you to easily interface with the Windows API and the executables are generally harder to reverse engineer compared to implants written in C#, Python or PowerShell. Modern C++ also has a lot of interesting features that are worth applying to a subject like C2. This book will show you the ways in which you can start building C2 implants with modern C++, give you a basic framework to play with and provide a practical project in which to apply your programming skills.

The structure of the book starts with some theory on C2 framework design and fundamental principles. It follows up with a Python project to establish the C2 server or "listening post" and building out the major components of an implant in C++. Finally, we end with constructing a CLI client that can be used to easily interface with the listening post and implant.

The contents are as follows:

• Introduction

• Chapter 1: Designing a C2 Infrastructure

• Chapter 2: Establishing a Listening Post

• Chapter 3: Basic Implant & Tasking

• Chapter 4: Operator CLI Client

• Conclusion

• Special Thanks & Credits

All the source code used in this book is open source and available at the following GitHub repository: https://github.com/shogunlab/building-c2-implants-in-cpp​

The audience for this book is primarily people new to implant development and those without a lot of C++ experience. I assume some prerequisite knowledge such as familiarity with basic software development, but I'll try to explain as much as possible. In a later Part 2, I intend to cover topics that are not aimed at the beginner level, but for this primer I want to establish a solid foundation that's simple/easy to get started with.

Lastly, I'd like to thank the following individuals and groups for serving as the inspiration for this book and giving me the skills to pursue this topic:

• ​C++ Crash Course author (Josh Lospinoso)

• ​SpecterOps Red Team Operations course instructors (Cody Thomas, Matt Hand, Will Schroeder, Carlo Alcantara)

• ​Silent Break Security Dark Side Ops: Malware Dev course instructors (Trevor Alexander, Nick Landers, Will Pearce)

With that, I hope you enjoy the book and learn some new things along the way!

--Steven Patterson (@shogun_lab)