C2 Infrastructure Flashcards

1
Q

What’s the primary purpose of a CDN in C2 infrastructure?

A

Blends malicious traffic with legitimate content distribution

Provides geographic distribution of payloads

OPSEC: Appears as normal web traffic (e.g., Azure CDN, CloudFront)

2
Q

Name 3 types of redirectors and their functions

A

HTTP(S): Proxy traffic (Nginx/Caddy) with TLS termination

DNS: Resolve domains to backend IPs

SMTP: Email-based C2 filtering

OPSEC: Prevents direct Team Server exposure

3
Q

How does domain fronting evade detection?

A

Uses legitimate domains in TLS SNI field (e.g., google.com)

Routes traffic to malicious backend via shared CDN

OPSEC: Makes traffic appear to go to trusted services

4
Q

What hardening is critical for C2 Team Servers?

A

Network isolation (private VPC/VNet)

Encrypted disks (LUKS/Azure CMK)

Port obscurity (non-50050 for Cobalt Strike)

OPSEC: Never exposed to direct internet access

5
Q

Name 3 stealthy payload delivery methods

A

Signed MSI packages via stolen certs

OneNote files with embedded LNKs

Cloud Storage (S3/GCS) with pre-signed URLs

OPSEC: Bypasses “untrusted source” warnings

6
Q

What distinguishes a beacon from other implants?

A

Checks in at randomized intervals (jitter)

Uses protocol mimicry (HTTP/HTTPS/DNS)

OPSEC: Small memory footprint, no disk writes

7
Q

How do dead drops enhance persistence?

A

Implants fetch new C2 IPs from benign sites (GitHub Gist, Pastebin)

Uses steganography in images/TXT records

OPSEC: Avoids hardcoded C2 endpoints

8
Q

Why use canary tokens in redirectors?

A

Triggers alerts if scanned (e.g., fake /wp-admin paths)

Detects security researcher activity

OPSEC: Early warning of infrastructure discovery

9
Q

What makes WireGuard preferable for C2?

A

Lightweight (~4K LOC vs OpenVPN’s 600K)

Native roaming between IPs

OPSEC: Easier to blend with legit VPN traffic

10
Q

Key logging practices for C2 OPSEC

A

Centralized logging (Graylog/Elastic)

Short retention periods (<72hrs)

Log sanitization (remove client IPs)

OPSEC: Limits forensic evidence

11
Q

Why use Let’s Encrypt vs self-signed certs?

A

Trusted by default in all browsers

Automatic 90-day rotation

OPSEC: Avoids “invalid cert” warnings

12
Q

How do you implement geographic filtering?

A

Block non-target regions at CDN/WAF layer

Use ASN blocks for cloud providers

OPSEC: Reduces scanning/analysis from foreign IPs

13
Q

What do malleable C2 profiles control?

A

HTTP headers/paths matching target industry

TLS fingerprint customization

Sleep/jitter patterns

OPSEC: Makes traffic pattern unique per engagement
