A new release of C3 has been made available with significant changes that aim to extend the user-base as well as enhance the operational capabilities of the framework. Specifically, the “Exploding Donut” release features integration with the open source Covenant C2 framework (C3 + Covenant = C4). Compressed shellcode generation from the Web UI is also now possible through integration of the Donut project, facilitating weaponisation of delivery mechanisms. Finally, channel development is easier than ever with the addition of the ChannelLinter project.
Since a large user-base is a key driver to development, extending the number of people using C3 has been one of the main objectives of the project. It was therefore decided that demonstrating the integration of an open source C2 framework would aid in the completion of this objective. The integration served two purposes:
1. Allow operators who do not have access to a COTS product like Cobalt Strike the chance to use C3.
2. Demonstrate to other C2 framework maintainers how they would set about integrating their solution with C3.
A walk-through of how this integration was achieved can be found here: https://github.com/FSecureLABS/C3/blob/master/Res/C2Integration.md
One of the key issues that the initial release did not solve was payload delivery. F-Secure was aware that there was no option for users to generate Relay shellcode, and that the relays themselves were quite large. The Donut project was identified as being a well-developed and easy to use framework that would meet C3’s needs.
The ChannelLinter projects serves to enhance the ease of which new C2 channels can be developed and therefore added to C3. As such, red team operators are able to spend less time developing and debugging channels, and more time using them.
The Exploding Donut release of C3 can be found on the F-Secure Labs Github page: https://github.com/FSecureLABS/C3/tree/v1.1.0
@cobbr - for the development of Covenant as well as help integrating C3.