Module 3 · Command & Control Frameworks

Manish Garg Associate of (ISC)² · RingSafe
Apr 22, 2026

Last updated: April 29, 2026

Cobalt Strike, Sliver, Havoc, Mythic compared. Beacon anatomy, transports, malleable profiles, redirector architecture.

A Command & Control (C2) framework is the software the red team uses to communicate with implants on compromised hosts. It has three parts: the beacon on the endpoint, the team server at the operator end, and the network protocols between them. This module covers the major C2 frameworks in 2026, the anatomy of a beacon, and the operational tradeoffs between them.

What a C2 framework provides

  • Implant (beacon): the payload that runs on the victim; calls home periodically; executes tasks
  • Team server: the control plane; operators connect to it to task beacons
  • Transports: protocols beacons use to call home — HTTP/HTTPS, DNS, SMB named pipes, custom
  • Malleable profiles: customize how traffic looks on the wire — User-Agent, URI patterns, staging responses
  • Operator UI: CLI and/or GUI to run commands on beacons, upload/download files, pivot
  • Built-in capabilities: port scanning, credential theft modules, lateral movement primitives, SOCKS proxy for tunnelling
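
From the defender's side, the periodic call-home described above is a detection signal that does not depend on User-Agent or URI patterns. The following is an added example, not code from this module or from any C2 framework: it scans a constructed proxy log and flags client/destination pairs whose request intervals are unusually regular. The log format, function names and thresholds (`min_events`, `max_cv`) are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: timestamp, client, destination host, URI.
SAMPLE_LOG = """\
2026-04-22T09:00:00 10.0.0.5 updates.example.net /status
2026-04-22T09:00:10 10.0.0.7 news.example.org /
2026-04-22T09:00:12 10.0.0.7 news.example.org /style.css
2026-04-22T09:00:45 10.0.0.7 news.example.org /article/1
2026-04-22T09:01:02 10.0.0.5 updates.example.net /status
2026-04-22T09:01:59 10.0.0.5 updates.example.net /status
2026-04-22T09:02:30 10.0.0.5 mail.example.com /inbox
2026-04-22T09:03:01 10.0.0.5 updates.example.net /status
2026-04-22T09:04:00 10.0.0.5 updates.example.net /status
2026-04-22T09:05:03 10.0.0.5 updates.example.net /status
2026-04-22T09:07:30 10.0.0.7 news.example.org /article/2
2026-04-22T09:07:31 10.0.0.7 news.example.org /img/2.png
2026-04-22T09:21:05 10.0.0.7 news.example.org /article/3
"""

def group_by_pair(log_text):
    """Collect request timestamps per (client, destination) pair."""
    pairs = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, src, dst, _uri = fields
        pairs[(src, dst)].append(datetime.fromisoformat(ts))
    return pairs

def find_periodic(log_text, min_events=5, max_cv=0.2):
    """Return (client, dest, mean_gap_s, cv) for pairs whose request gaps
    are regular, i.e. coefficient of variation (stdev/mean) <= max_cv."""
    hits = []
    for (src, dst), times in group_by_pair(log_text).items():
        if len(times) < min_events:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, round(avg, 1), round(pstdev(gaps) / avg, 3)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_periodic(SAMPLE_LOG):
        print(hit)
```

Legitimate software such as update checkers and telemetry agents also polls on a fixed schedule, so a hit is a lead for triage against an allowlist, not a verdict.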