C2Workbench

16 posts

@C2Workbench

Open access intelligence database for open-source C2 frameworks. Search, compare & track tools with source code analysis. For red & blue teams.

Joined November 2025
13 Following · 69 Followers
C2Workbench @C2Workbench
RedditC2 is a novel framework that uses Reddit posts/comments as C2. Commands are "in:" comments, results are "out:" replies. Bare-bones (just shell exec, no real post-ex), but traffic blends into 430M users' Reddit API calls. Creative PoC Full analysis: c2workbench.com/framework/redd…
C2Workbench retweeted
Gray Hats @the_yellow_fall
Orsted C2 is a modular Go framework featuring sandbox deception, AMSI/ETW evasion, and native Ligolo-ng pivoting for advanced red team simulations. meterpreter.org/the-ghost-in-t…
C2Workbench @C2Workbench
XiebroC2 runs fully in-memory—config in globals, runtime data in RAM, ObfuscateStrings rewrites blacklisted strings in byte-slices to evade memory scanning. Plus plugins for custom post-ex modules. Zero disk + in-memory obfuscation Full analysis: c2workbench.com/framework/xieb…
C2Workbench @C2Workbench
Although c2workbench.com only shows 98 frameworks at the moment, we have 239 catalogued in the back-end - which will eventually be made available in the front end. If I was to add an analytics page - what trends/analytics would you be interested in seeing?
C2Workbench @C2Workbench
AlanFramework ships agents as PE/DLL/PowerShell/shellcode - pick your delivery method. Fully in-memory execution + reflective DLL injection into remote processes + SOCKS5 pivoting. Multi-format flexibility meets operational versatility. Full analysis: c2workbench.com/framework/alan…
C2Workbench retweeted
Karsten Hahn @struppigel
Multiple users are reporting messages like this one. Seems someone has hacked a malware C2 reddit.com/r/antivirus/co…
C2Workbench @C2Workbench
@Realm_C2 Hey, appreciate the feedback. That's a new feature is its way overcooked things - still working out the right level of detail. All development is done on prod because infrastructure's expensive! I will give you a shout in the next iteration
Realm @Realm_C2
@C2Workbench Hey! That’s us 🙂👋 The install instructions look a little complicated - we usually recommend the steps in the README to get started locally or terraform apply for production.
C2Workbench @C2Workbench
@Realm_C2's Imix agents execute tasks as Eldritch scripts sent from the server (Tavern), no recompilation needed. Operators write Python-like code for post-ex and pivoting that runs in-memory on demand. Script-first C2 = rapid iteration. Full analysis: c2workbench.com/framework/realm
C2Workbench @C2Workbench
BlackMamba packs a full evasion suite: API unhooking, ETW patching, AMSI bypass, VM detection via registry/files, XOR string obfuscation, Working hours + kill-switch monitoring. All the EDR bypass primitives you need in one framework. Full Analysis: c2workbench.com/framework/blac…
C2Workbench @C2Workbench
DeimosC2's DoH agent hides C2 traffic inside DNS queries sent as HTTPS to Google/Cloudflare resolvers. Data chunked to DNS size limits & reassembled server-side. Clever use of legit infrastructure. DoH + encryption + Legit Infra = Stealthy Full analysis: c2workbench.com/framework/deim…
C2Workbench @C2Workbench
If you're a red teamer, C2 Workbench helps you understand your OPSEC gaps before deployment. Check what blue teams can actually see: default profiles, file system artifacts, network IOCs; what's configurable and what's hard-coded. c2workbench.com
nilØx42 🚫 @nil0x42
If you’re into C2 (for redteam) and you’re not using C2 Workbench yet, you’re missing out. They catalogue top C2 frameworks like Havoc, Merlin… and even my humble phpsploit made the list 🙃 Check it out: c2workbench.com/framework/phps…
C2Workbench @C2Workbench
@nil0x42 This made my day! PHPSploit deserves more visibility. Getting validation from creators means a lot on a project that's still finding its feet. For anyone discovering this: C2 Workbench is a work in progress. Some analysis needs refinement, but I'm committed to making it useful.
C2Workbench @C2Workbench
To be clear, it's a work-in-progress, not a polished product. I've tried my best to fine-tune various LLMs that do the source code analysis and included references to the code base but automated analysis isn't perfect. If you find issues, please tell me.
C2Workbench @C2Workbench
Before I go further: huge respect to @JorgeOrchilles and the @c2_matrix team. They pioneered C2 cataloguing and their matrix is the go-to. C2 Workbench takes a different angle with source code analysis. Complementary, not competitive. Both for the community
C2Workbench @C2Workbench
I've been building C2 Workbench - a free platform analyzing C2 frameworks with installation guides, capability mappings, protocol analysis, and detection artifacts. It's not perfect and the data has gaps, but I think it's useful. c2workbench.com