LOAD BALANCER (AWS EC2)

INSTALLATION & CONFIGURATION

#this is performed after creating the C2 Server
root@oco:~$ BROWSER > https://aws.amazon.com/ > EC2 > Instances > {instanceID} > Load Balancing > Load Balancers > Create Load Balancer > Application Load Balancer
 Basic Configuration
  Load Balancer name: {arbitraryName}
  Scheme: Internet-facing
  IP Address Type: IPv4
 Network Mapping
  VPC: {default}
  * this is routing part
  Mappings:
  * this is the availability zones - any 'TWO' will do
 Security Groups: 
  * this security group will be applied to the Load Balancer - keep a note of this value as it need to be applied to the security group of the C2 server
     - sg-**************
     
 #this section describes where the traffic from the ELB will be forwarded
 #this is a 2-part configuration - once the ELB configuration is complete, the Mythic C2 Server must be configured to accept incoming traffic from this ELB! - this is accomplished through the "target group/security group"
 Listeners & Routing
  Protocol: HTTP
  Port: 80
  Default Action > Forward To > Create target Group
   * the target group will be applied to the Mythic C2 Server
   * you'll need to comeback to this section after creating the target group
      - assign the newly created target group
   Basic Configuration
    Target Type: Instances
    Target Group Name: {arbitraryName-C2TargetGroup}
     Protocol: HTTP
     Port: 80
    VPC: {use previously configured security group}
    Protocol Version: HTTP1
  * this specifies where the traffic from ELB will be passed to
     - ELB-to-C2-Server traffic can either be HTTP or HTTPS
  * this determines where the traffic will be routed back to/from
     - target-to-redirector traffic will be HTTPS
     - ELB-to-C2-Server traffic can either be HTTP or HTTPS

 Register targets > {instanceID} check box > Include as Pending Below > Create Target Group
  Default Action > Forward to
  * select the newly created target group
  
 Load Balancer Tags: {default}
 Amazon CloudFront + AWS Web Application Firewall (WAF): {default}
 AWS Web Application Firewall (WAF): {default}
 AWS Global Accelerator: {default}
 Create Load Balancer!

LOAD BALANCER & C2 SERVER LINKING

#this step is required as only the remote attacker host can access the C2 server
#must link the load balancer and the c2 server, so the redirector traffic can be forwarded by the load balancer to the c2 server
#this procedure modifies the security group of the c2 server to allow traffic from the ELB
root@oco:~$ BROWSER > https://aws.amazon.com/ > EC2 > Instances > {instanceID} > Security > Security Groups
 Inbound Rules > Edit Inbound Rules > Add Rule
  Type: Custom TCP
  Protocol: TCP
  Port Range: 80
  Source: Custom
  * paste the security group of the newly created ELB "sg-**************"
     - the security group can be retrieved from "Load Balancing > Load Balancers > ELBName > Security"
  Description: Allow traffic from ELB
  Save Rules!
     
MythicC2Server > Event Feed
  * once everything is linked, the C2 server (Mythic C2) will receive health checks information from the ELB
     - this is happening because the ELB performs heartbeat checks on the C2 server

PreviousAWS CLOUDFRONT NextCLOUDFRONT

Last updated 11 months ago