A curated collection of C2 frameworks that leverage legitimate services to evade detection.
Each entry includes:
- C2 Projects - Open-source tools and PoCs demonstrating the technique
- Detection Indicators - Network IOCs, user-agent strings, file artifacts, and behavioral detection strategies
- Description & Analysis - How the C2 flow works, why it's hard to detect, real-world (ITW) samples from APT campaigns, and key detection opportunities for blue teams
Currently tracking 53 abused services, 132 C2 projects, and 529 detection rules.
Found a new C2 project or detection logic? Click the Contribute button on any entry to open a prefilled GitHub issue, or submit a pull request directly.
Idea from https://mthcht.medium.com/c2-hiding-in-plain-sight-7a83963b9344