Understanding C2 infrastructure - Part 4
Learn about different ways to automate the deployment of C2 infrastructure.
A red team is involved in multiple engagements throughout the year, and each engagement has a different set of requirements. Therefore, most red teams prefer to tear down the infrastructure used in the previous engagement and deploy a new one for the next. Depending on its maturity, the team may either have well-defined Standard Operating Procedures (SOPs) and playbooks for building and deploying the infrastructure, or it may be building and deploying it manually.
Manual builds and deployments take too much time. In my last post on C2 infrastructure, I discussed multiple architectures, ranging from simple to complex, which can be leveraged to design and deploy the infrastructure. The more complicated the chosen architecture, the more time it takes to build and deploy the infrastructure manually.
In this post I have listed six different tools that red team operators can use to automate the setup of their C2 infrastructure:
Terraform - Terraform is an Infrastructure as Code (IaC) tool developed by HashiCorp. It can be used to define and provision necessary components such as virtual machines (VMs) and networking resources. It is platform-agnostic and supports multiple cloud providers such as AWS, Azure, GCP and DigitalOcean. While Terraform primarily handles infrastructure provisioning, additional tasks like software installation and configuration changes can be managed by using simple bash scripts or through tools like Chef, Puppet, or Ansible. Here’s an example of using Terraform to deploy C2 infrastructure.
Ansible - Ansible is an open-source tool that automates tasks like configuration, software provisioning and updating of C2 infrastructure components after their initial deployment. It can be combined with IaC tools like Terraform for end-to-end automation of C2 infrastructure deployment. Ansible allows standardization across deployments via playbooks. Here’s an example of using Terraform and Ansible to deploy C2 infrastructure.
Docker - Docker is a platform for building, packaging, and running applications in lightweight, isolated containers, ensuring consistency across different environments. For C2 infrastructure automation, Docker simplifies deployment by bundling C2 frameworks and their dependencies into reusable images. It ensures portability, cross-platform compatibility, and automated builds, enabling quick and error-free provisioning. Docker also supports scalable setups, such as deploying C2 servers and redirectors. Here’s an example of how Jordan Wright automated the deployment of GoPhish, an open-source phishing framework, using Docker and Ansible.
Vagrant - Vagrant is an open-source tool allowing users to create and configure lightweight, reproducible, and portable virtual machines (VMs). It works with providers like VirtualBox, VMware, and AWS to automate the setup of VMs using simple configuration files (Vagrantfiles). For C2 infrastructure deployment, Vagrant can automate the creation of consistent environments for C2 servers, redirectors, and other components. It can integrate with tools like Ansible or Docker for further automation, making it ideal for testing and deploying complex C2 setups.
Puppet - Puppet is a configuration management tool used to automate the provisioning, configuration, and management of servers and infrastructure. It can provision C2 servers, redirectors, and other components by installing necessary software, setting up dependencies, and configuring services. Puppet is similar to Ansible in the sense that both are configuration management tools that automate the provisioning, configuration, and management of IT infrastructure. One primary difference between the two is that Ansible is agentless, while Puppet is agent-based.
AKSH - I developed AKSH some time back to learn AWS APIs. It is a Discord messaging bot that interfaces with AWS via APIs to automate various aspects of deploying and managing infrastructure on AWS. For example, through AKSH, you can deploy by issuing a single command (!deploy, that’s it). Behind the scenes, AKSH will set up all the necessary infrastructure components (VPC, subnets, gateways, security groups, EC2 instances, etc.) without any human intervention. Through AKSH you can also deploy [and manage] multiple infrastructure instances of different complexities at the same time (!deploy -infra name-, that’s it). Currently, AKSH works with pre-configured AWS AMIs only. However, it can be further developed to leverage tools like Ansible for automatic configuration and software provisioning as well.
Red Team Notes
- Automating the deployment of C2 infrastructure can save a lot of time that is otherwise spent building it manually.
- Red team operators can use tools like Terraform, Ansible, Docker, Vagrant, Puppet and AKSH to easily automate the deployment of C2 infrastructure.