C2 Setup


Register custom domain and setup lets encrypt to get a valid certificate. Then use a reverse proxy to forward traffic to the c2 which is only reachable on localhost (or a remote server).

Apache reverse proxy

SSLProtocol TLSv1.2
ProxyPreserveHost on
ProxyRequests off
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyPass /test/example.txt
ProxyPassReverse /test/example.txt

The idea is to proxy only certain endpoints to the C2 server (change the default profile and make an entry for each route).

Phishing Setup

  1. Register Account with njal.la and buy a similar sounding domain anonymously

  2. Register Account with mailgun and subscribe to enable custom domains, then register your fresh domain there and make the required dns entries

  3. Setup GoPhish Server on a EC2 instance, use mailgun smtp credentials to send mails

Then setup a good landing page, link the page in your email and have the page contain a download link for a document, exe etc., depending on your pretext.

Finally test your mail vs. a private address and if everything works out send it to the targets. Make sure the pretext contains calls to action and a sense of urgency (e.g. install this software to keep working remotely, fill this document to receive something etc.)

Last updated