CloudFront is the CDN service of AWS. it terminates viewer connections on a legitimate, AWS-owned domain ("*.cloudfront.net") and forwards the requests to an origin chosen by the operator, which is what makes it usable as a redirector in front of C2 infrastructure. in regards to OPSEC, red teamers can attach an AWS WAF web ACL and enable Geo-Restriction on the distribution to control which viewers are allowed to reach the origin at all
INFRASTRUCTURE TOPOLOGY
redirector (CloudFront distribution) receives the agent traffic on the *.cloudfront.net domain and routes it to the Elastic Load Balancer
Elastic Load Balancer routes the traffic from the redirector to the C2 server, so the C2 server's address is never exposed to the agent or to the target network
IMPLEMENTATION
CDN CONFIGURATION & INSTALLATION
root@oco:~$ BROWSER > https://aws.amazon.com/ > All Services > CloudFront > Create a CloudFront Distribution
* CloudFront is a Global Content Delivery Network (CDN)
- this is where the redirector will be created; agents only ever talk to the *.cloudfront.net domain, which masks the C2 server's location
- if this redirector gets identified and blocked by the blue team, a new distribution (with a new random subdomain) can be quickly deployed
Create a Distribution
Origin
Origin Domain: {use the Elastic Load Balancer previously created}
- {awscmd...}
Protocol: HTTPS only
HTTPS Port: 443
Minimum Origin SSL Protocol: TLSv1.2
Origin Path: N/A
Name: default
Add custom header: N/A
Enable Origin Shield: No
Default Cache Behavior
Path Pattern: default
Compress Objects Automatically: Yes
Viewer:
Viewer Protocol Policy: HTTP and HTTPS
Allowed HTTP methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
- the Mythic C2 agents will be configured to use POST requests, so POST must be in the allowed set (the default GET, HEAD selection is not enough)
Cache HTTP methods: N/A {unticked}
Allow gRPC requests over HTTP/2: N/A {unticked}
Restrict Viewer Access: No
Cache Key and Origin Requests: default
- do not touch settings
Function Associations: default
- do not touch settings
WAF: Do not enable protections! {lab setup}
- on a production engagement, select "Enable Security Protections" and attach a web ACL as described in the OPSEC note above; verify the rule set does not block the agents' own POST traffic before going live
Settings: default
- do not touch settings
Standard Logging: default
- do not touch settings
Create Distribution!
* {randomStringSubDomain}.cloudfront.net
- copy the CDN distribution domain name
- it will be used when configuring the Mythic C2 server: the agents call back to this domain, never to the C2 server directly
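The console click-through above, as an added example that is not part of the original page or of the Mythic project: a Python script that builds the same DistributionConfig for boto3 (or for `aws cloudfront create-distribution --distribution-config file://dist.json`), applies the documented settings, and checks the OPSEC-relevant ones before anything is created. The ELB domain name, the optional country allow-list and the optional WAF web ACL ARN are placeholders; the two policy IDs are AWS's published managed CachingDisabled and AllViewer policies (confirm them with `aws cloudfront list-cache-policies --type managed` and `aws cloudfront list-origin-request-policies --type managed`). One deliberate deviation from the "do not touch settings" default under Cache Key and Origin Requests: the cache policy is set to CachingDisabled and the origin request policy to AllViewer, so no C2 response is cached at the edge and every header, cookie and query string the agent sends reaches the ELB. With the console default cache policy, repeated GET beacons can be answered from the CloudFront cache without ever reaching the C2 server.

```python
"""
Build (and optionally create) the CloudFront redirector distribution described above.

Field names follow the boto3 CloudFront create_distribution API. The origin
domain, country allow-list and web ACL ARN are illustrative inputs, not values
from the original page.
"""
import json
import uuid

# AWS managed policy IDs (assumed stable; confirm with
#   aws cloudfront list-cache-policies --type managed
#   aws cloudfront list-origin-request-policies --type managed)
CACHING_DISABLED = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad"  # never cache C2 responses at the edge
ALL_VIEWER = "216adef6-5c7f-47e4-b989-5492eafa07d3"        # forward all headers, cookies, query strings

ALL_METHODS = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]


def build_distribution_config(origin_domain, allowed_countries=None,
                              web_acl_arn=None, caller_reference=None):
    """Return a DistributionConfig dict mirroring the console settings above.

    origin_domain     : DNS name of the Elastic Load Balancer in front of the C2 server
    allowed_countries : optional ISO 3166-1 alpha-2 codes for a Geo-Restriction allow-list
    web_acl_arn       : optional AWS WAF (v2) web ACL ARN; None leaves WAF disabled
    """
    if allowed_countries:
        geo = {"RestrictionType": "whitelist",
               "Quantity": len(allowed_countries), "Items": list(allowed_countries)}
    else:
        geo = {"RestrictionType": "none", "Quantity": 0}          # console default: no restriction

    return {
        "CallerReference": caller_reference or str(uuid.uuid4()),  # must be unique per create call
        "Comment": "",                                  # no description that hints at the purpose
        "Enabled": True,
        "Origins": {"Quantity": 1, "Items": [{
            "Id": "default",                            # Name: default
            "DomainName": origin_domain,                # Origin Domain: the ELB
            "OriginPath": "",                           # Origin Path: N/A
            "CustomHeaders": {"Quantity": 0},           # Add custom header: N/A
            "CustomOriginConfig": {
                "HTTPPort": 80,
                "HTTPSPort": 443,                       # HTTPS Port: 443
                "OriginProtocolPolicy": "https-only",   # Protocol: HTTPS only
                "OriginSslProtocols": {"Quantity": 1, "Items": ["TLSv1.2"]},  # Minimum Origin SSL Protocol
            },
            "OriginShield": {"Enabled": False},         # Enable Origin Shield: No
        }]},
        "DefaultCacheBehavior": {
            "TargetOriginId": "default",
            "ViewerProtocolPolicy": "allow-all",        # Viewer Protocol Policy: HTTP and HTTPS
            "AllowedMethods": {"Quantity": len(ALL_METHODS), "Items": list(ALL_METHODS),
                               "CachedMethods": {"Quantity": 2, "Items": ["GET", "HEAD"]}},
            "Compress": True,                           # Compress Objects Automatically: Yes
            "CachePolicyId": CACHING_DISABLED,          # deviation from console default, see lead-in
            "OriginRequestPolicyId": ALL_VIEWER,
            "TrustedSigners": {"Enabled": False, "Quantity": 0},    # Restrict Viewer Access: No
            "TrustedKeyGroups": {"Enabled": False, "Quantity": 0},
            "FunctionAssociations": {"Quantity": 0},    # Function Associations: default
            "LambdaFunctionAssociations": {"Quantity": 0},
            "FieldLevelEncryptionId": "",
        },
        "Restrictions": {"GeoRestriction": geo},
        "WebACLId": web_acl_arn or "",                  # WAF: disabled unless an ARN is supplied
        "ViewerCertificate": {"CloudFrontDefaultCertificate": True},  # *.cloudfront.net certificate
        "Logging": {"Enabled": False, "IncludeCookies": False, "Bucket": "", "Prefix": ""},
        "PriceClass": "PriceClass_All",
        "HttpVersion": "http2",
        "IsIPV6Enabled": True,
    }


def check_opsec(config):
    """Return findings for settings that would break or expose the redirector."""
    findings = []
    origin = config["Origins"]["Items"][0]["CustomOriginConfig"]
    behavior = config["DefaultCacheBehavior"]
    protocols = origin["OriginSslProtocols"]["Items"]
    if origin["OriginProtocolPolicy"] != "https-only":
        findings.append("origin traffic to the ELB is not HTTPS-only")
    if "TLSv1.2" not in protocols or any(p in ("SSLv3", "TLSv1", "TLSv1.1") for p in protocols):
        findings.append("origin TLS allows protocols older than TLSv1.2")
    if "POST" not in behavior["AllowedMethods"]["Items"]:
        findings.append("POST not allowed: Mythic agents will be dropped at the edge")
    if behavior.get("CachePolicyId") != CACHING_DISABLED:
        findings.append("caching not disabled: edge may answer beacons without reaching the C2 server")
    return findings


def create_distribution(config, apply=False):
    """Dry run returns the JSON for `aws cloudfront create-distribution --distribution-config`;
    apply=True creates it with boto3 and returns the {randomStringSubDomain}.cloudfront.net name."""
    if not apply:
        return json.dumps(config, indent=2)
    import boto3  # imported lazily so the builder and checks run without AWS credentials
    resp = boto3.client("cloudfront").create_distribution(DistributionConfig=config)
    return resp["Distribution"]["DomainName"]


if __name__ == "__main__":
    # placeholder ELB name; replace with the load balancer created earlier
    cfg = build_distribution_config("my-elb-1234567890.us-east-1.elb.amazonaws.com",
                                    allowed_countries=["US"])
    print(check_opsec(cfg) or "config OK")
    print(create_distribution(cfg))  # dry run: prints dist.json content, creates nothing
```

Run it once without `apply=True` to review the JSON, then either pass `apply=True` or feed the printed JSON to the AWS CLI. The domain name returned on creation is the value to copy into the Mythic C2 server configuration.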