Amazon CloudFront is the AWS content delivery network (CDN). It serves content from any origin (S3, an Elastic Load Balancer, or a custom HTTP server) through AWS edge locations, so the target only ever sees a legitimate, trusted "*.cloudfront.net" domain while the distribution forwards requests to an origin of the operator's choosing (the redirection capability used here). For OPSEC, red teamers can additionally attach a WAF and Geo-Restriction to the distribution to limit who can reach the redirector.
INFRASTRUCTURE TOPOLOGY
agent -> CloudFront redirector -> Elastic Load Balancer -> C2 server
redirector (CloudFront distribution) forwards agent traffic to the Elastic Load Balancer, which is its origin
Elastic Load Balancer forwards the traffic from the redirector to the C2 server, so only CloudFront edge IPs ever contact the ELB and the C2 server's address is never exposed to the target
root@oco:~$ BROWSER > https://aws.amazon.com/ > All Services > CloudFront > Create a CloudFront Distribution
* CloudFront is a Global Content Delivery Network (CDN)
- this is where the redirector is created; it masks the C2 server's location from the target
- if this redirector is burned (identified and blocked) by the blue team, a new distribution can be deployed quickly without touching the C2 server
Create a Distribution
Origin
Origin Domain: {use the Elastic Load Balancer previously created}
- {awscmd...}
Protocol: HTTPS only
HTTPS Port: 443
Minimum Origin SSL Protocol: TLSv1.2
- caveat: with "HTTPS only", CloudFront validates the origin's certificate. The ELB must present a certificate issued by a trusted CA whose name matches the origin domain (i.e. a custom domain with an ACM or CA-issued certificate); the default *.elb.amazonaws.com name has no such certificate, and a mismatch surfaces as 502 errors from CloudFront
Origin Path: N/A
Name: default
Add custom header: N/A
Enable Origin Shield: No
Default Cache Behavior
Path Pattern: default
Compress Objects Automatically: Yes
Viewer:
Viewer Protocol Policy: HTTP and HTTPS
Allowed HTTP methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
- the Mythic C2 agents will be configured to use POST requests, so POST must be among the allowed methods; POST, PUT, PATCH and DELETE are never cached and are always forwarded to the origin
Cache HTTP methods: N/A {unticked}
Allow gRPC requests over HTTP/2: N/A {unticked}
Restrict Viewer Access: No
Cache Key and Origin Requests: default
- leave at default for the lab. Caveat: the default cache policy caches GET/HEAD responses and does not forward viewer cookies, query strings or most headers to the origin. If the agent's HTTP profile checks in with GET plus query parameters or cookies (the Mythic http profile does by default), those check-ins will be served from cache or arrive at the C2 stripped; in that case select the managed CachingDisabled cache policy and the managed AllViewer origin request policy so every request reaches the C2 server unchanged
Function Associations: default
- do not touch settings
WAF: Do not enable protections! (lab setup)
- for a production engagement, select "Enable security protections" and tune the rules so they block scanners and blue-team probing without blocking the agents' own requests
Settings: default
- do not touch settings
Standard Logging: default
- do not touch settings
Create Distribution!
* {randomStringSubDomain}.cloudfront.net
- copy the CDN distribution domain name
- it'll be used as the callback host in the Mythic C2 server's HTTP profile
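The same distribution, built from the AWS CLI instead of the console. This is an added example, not part of the original notes or of Mythic: it emits the DistributionConfig JSON for the settings listed above, refuses to create anything that would talk to the origin over plain HTTP or cache C2 traffic, and optionally applies the Geo-Restriction allow-list mentioned at the top. Assumptions: the AWS CLI is installed and has credentials; the ELB DNS name passed as the first argument serves a certificate CloudFront will trust; the two policy IDs are the public AWS-managed CachingDisabled and AllViewer policies (confirm them with `aws cloudfront list-cache-policies --type managed` and `aws cloudfront list-origin-request-policies --type managed`, or override them via the environment). Function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): CloudFront redirector as a
# DistributionConfig for `aws cloudfront create-distribution`.
set -eu

# Managed policy IDs (assumed; verify with list-cache-policies /
# list-origin-request-policies --type managed). CachingDisabled forwards
# every request to the origin; AllViewer passes all viewer headers,
# cookies and query strings through so check-ins reach the C2 unchanged.
CACHING_DISABLED_ID="${CACHING_DISABLED_ID:-4135ea2d-6df8-44a3-9df3-4b5a84be39ad}"
ALL_VIEWER_ID="${ALL_VIEWER_ID:-216adef6-5c7f-47e4-b989-5492eafa07d3}"

# Emit the Restrictions block. No arguments: geo restriction off.
# Arguments: ISO 3166-1 alpha-2 country codes allowed to reach the redirector.
cf_geo_restriction() {
  if [ $# -eq 0 ]; then
    printf '{"GeoRestriction": {"RestrictionType": "none", "Quantity": 0}}'
    return
  fi
  items=""
  for c in "$@"; do
    items="${items:+$items, }\"$c\""
  done
  printf '{"GeoRestriction": {"RestrictionType": "whitelist", "Quantity": %d, "Items": [%s]}}' \
    "$#" "$items"
}

# Print the DistributionConfig for the redirector.
#   $1 = origin DNS name (the ELB), $2 = unique CallerReference,
#   $3 = optional space-separated country allow-list, e.g. "US GB"
cf_redirector_config() {
  origin_dns="$1"
  caller_ref="${2:-redirector-$(date +%s)}"
  geo="${3:-}"
  cat <<EOF
{
  "CallerReference": "$caller_ref",
  "Comment": "",
  "Enabled": true,
  "Origins": {
    "Quantity": 1,
    "Items": [{
      "Id": "default",
      "DomainName": "$origin_dns",
      "CustomOriginConfig": {
        "HTTPPort": 80,
        "HTTPSPort": 443,
        "OriginProtocolPolicy": "https-only",
        "OriginSslProtocols": {"Quantity": 1, "Items": ["TLSv1.2"]}
      }
    }]
  },
  "DefaultCacheBehavior": {
    "TargetOriginId": "default",
    "ViewerProtocolPolicy": "allow-all",
    "AllowedMethods": {
      "Quantity": 7,
      "Items": ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"],
      "CachedMethods": {"Quantity": 2, "Items": ["GET", "HEAD"]}
    },
    "Compress": true,
    "CachePolicyId": "$CACHING_DISABLED_ID",
    "OriginRequestPolicyId": "$ALL_VIEWER_ID"
  },
  "Restrictions": $(cf_geo_restriction $geo)
}
EOF
}

# OPSEC gate: return non-zero if the config would use plain HTTP or an old
# TLS version to the origin, drop POST, or cache/strip agent traffic.
cf_check_config() {
  cfg="$1"
  for needle in \
    '"OriginProtocolPolicy": "https-only"' \
    '"Items": ["TLSv1.2"]' \
    '"POST"' \
    "\"CachePolicyId\": \"$CACHING_DISABLED_ID\"" \
    "\"OriginRequestPolicyId\": \"$ALL_VIEWER_ID\""
  do
    printf '%s\n' "$cfg" | grep -qF -- "$needle" || return 1
  done
}

# Create the distribution and print its *.cloudfront.net name (the value the
# notes say to copy into the Mythic HTTP profile).
cf_create_redirector() {
  cfg="$(cf_redirector_config "$@")"
  cf_check_config "$cfg"
  tmp="$(mktemp)"
  printf '%s\n' "$cfg" > "$tmp"
  aws cloudfront create-distribution --distribution-config "file://$tmp" \
    --query 'Distribution.DomainName' --output text
  rm -f "$tmp"
}

# Usage: CF_CREATE=1 sh cf_redirector.sh redirector-origin.example.com "US GB"
if [ "${CF_CREATE:-0}" = "1" ]; then
  cf_create_redirector "$1" "redirector-$(date +%s)" "${2:-}"
fi
```

Nothing is created unless CF_CREATE=1 is set, so the config can be generated and inspected first; the distribution takes several minutes to deploy after creation, and the printed domain name is what goes into the Mythic C2 server.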