FRONT DOOR

this is Azure's global CDN / application-delivery service. it fronts Azure VMs & other public endpoints, so the implant only ever talks to a Microsoft-owned, reputable hostname under *.azurefd.net and never to the C2 host directly. additionally, a WAF policy can be attached to the endpoint (custom rules on the Standard tier; managed rule sets need Premium)

INFRASTRUCTURE TOPOLOGY

IMPLEMENTATION

CDN CONFIGURATION & INSTALLATION

#this step is done after creating the C2 Server
Azure > Front Door & CDN profiles > Create Front Door & CDN profiles > Azure Front Door w/ Quick Create > Continue to create a Front Door
 Project Details
  Subscription: {subscription}
  Resource Group: {Create New}
  Resource Group Location: default
  Name: {cdnService}
  Tier: Standard
  Endpoint Settings:   //this is the hostname the implant will call back to
   Endpoint Name: {service}
    - Endpoint hostname: {service}.azurefd.net
       - this is auto generated from "endpoint name"
   Origin Type: Public IP Address
   Origin Host name: {point this to Mythic C2}
    - the hostname of the Mythic C2 or its IP address
   Caching: Optional
   WAF policy: Optional
  Create!
  * after deployment is done there should be three resources in the profile
     - endpoint
        - this is the CDN redirector ({service}.azurefd.net), the only thing exposed to targets
     - origin group
        - this is where the traffic will be forwarded to - should contain the Mythic C2 origin
     - routes
        - defines the connection between the endpoint redirector and the Mythic C2 Server (which paths/protocols are forwarded, and how)

TRAFFIC SHAPING: REDIRECTOR TO C2 SERVER

#configure how the redirector CDN will be passing traffic to Mythic C2 Server
Azure > Front Door & CDN profiles > {instanceID} > Overview > Properties > Endpoints > Endpoints ID
 Front Door Manager > Routes > Default-Route
  Update Route
   Name: default
   Endpoint: {cdn endpoint}
   Enable Route: Enabled
   Domains
    Domains: {service}.azurefd.net
    Patterns to match: /* (the Quick Create default; narrow it to the C2 profile's URIs if only those should be forwarded)
    Accepted Protocols: HTTP and HTTPS
    Redirect: Redirect all traffic to use HTTPS
   Origin Group                          //this is where the traffic will be going to
    Origin Group: {points to Mythic C2}
     - default-origin-group
    Origin Path: N/A
    Forwarding Protocol: HTTP only
     - this defines how the "Azure FD & CDN" will be talking back to the Mythic C2 Server
        - via HTTP only! Front Door terminates the target's TLS and speaks plain HTTP on port 80 to the origin
           - "HTTPS only" / "Match request" would need a certificate on the Mythic origin that Front Door can validate; HTTP-only avoids that
           - the azure front door (redirector) is the one accessible to the targets
           - the Mythic C2 server is only accessible to the red team & sits behind the azure front door cdn; port 80 must be locked down to Front Door (next section) or the origin is reachable directly

TRAFFIC SHAPING: MYTHIC C2 TO REDIRECTOR

#reconfigure the Mythic C2 VM's NSG to allow HTTP port 80 inbound only from Front Door's backend ranges (the service tag covers Front Door backends for every customer, not just this profile, so the origin should additionally check the X-Azure-FDID header carries this profile's Front Door ID)
Azure > Virtual Machine > Mythic C2 VM > Settings > Networking
 Inbound Port Rules > Add Inbound Port Rule
  Source: Service Tag
  Source Service Tag: AzureFrontDoor.Backend
  Source Port Ranges: *
  Destination: Any
  Service: HTTP
  Destination port Ranges: 80
  Protocol: TCP
  Action: Allow
  Priority: 330
  Name: AllowFDHTTPInbound-to-Mythic
Mythic C2 FW Rules
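The NSG rule above is layer 4: it admits the AzureFrontDoor.Backend ranges, which every Front Door customer shares, so a stranger who points their own profile at the C2 VM's public IP would still get through. The layer-7 counterpart is to reject any request at the origin that does not carry this profile's Front Door ID in the X-Azure-FDID header. The following is an added example for these notes, not Mythic code and not from the original page; the header names (X-Azure-FDID, X-Azure-ClientIP, X-Forwarded-For) are real Front Door headers, while the Front Door ID value, the IP addresses, the sample requests and the WSGI deployment in front of the listener are assumed for the demo.

```python
"""Verify at the origin that a request really came through OUR Front Door profile.

Added example for these notes; not Mythic code and not from the original page.
The NSG service tag AzureFrontDoor.Backend admits Front Door backend address ranges
shared by every Front Door customer, so anyone who creates their own profile pointing
at the C2 VM's public IP also gets past the NSG. Front Door stamps each forwarded
request with X-Azure-FDID (the profile's Front Door ID, shown on the profile's
Overview blade); dropping anything without our ID closes that gap.
Header names are real Front Door headers; ID, IPs and the WSGI setup are assumed.
"""
from __future__ import annotations

import hmac
import ipaddress
from dataclasses import dataclass
from typing import Callable, Mapping

# Assumed value: replace with the Front Door ID of the profile created above.
EXPECTED_FDID = "7a3d9f0e-1b2c-4d5e-8f90-123456789abc"


@dataclass
class Verdict:
    allowed: bool
    reason: str
    client_ip: str | None = None  # the implant's real address, for operator logs


def _header(headers: Mapping[str, str], name: str) -> str | None:
    """Case-insensitive lookup; servers differ in how they case header names."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def check_front_door_request(headers: Mapping[str, str],
                             expected_fdid: str = EXPECTED_FDID) -> Verdict:
    """Allow only requests stamped with our profile's X-Azure-FDID."""
    fdid = _header(headers, "X-Azure-FDID")
    if fdid is None:
        return Verdict(False, "no X-Azure-FDID header: request bypassed Front Door")
    # constant-time compare: the ID is effectively a shared secret with Front Door
    if not hmac.compare_digest(fdid.strip().encode(), expected_fdid.encode()):
        return Verdict(False, "X-Azure-FDID belongs to someone else's profile")
    # X-Azure-ClientIP is the caller as Front Door saw it; X-Forwarded-For is the
    # fallback and its first hop may be client-supplied, so it is logged, not trusted.
    raw = _header(headers, "X-Azure-ClientIP") or \
        (_header(headers, "X-Forwarded-For") or "").split(",")[0].strip()
    try:
        client_ip = str(ipaddress.ip_address(raw)) if raw else None
    except ValueError:
        client_ip = None
    return Verdict(True, "ok", client_ip)


def front_door_gate(app: Callable, expected_fdid: str = EXPECTED_FDID) -> Callable:
    """WSGI middleware (hypothetical deployment in front of the C2 listener):
    answer 404 with an empty body, like the blank page the redirector shows,
    unless the request carries our FDID."""
    def wrapped(environ, start_response):
        headers = {k[5:].replace("_", "-"): v
                   for k, v in environ.items() if k.startswith("HTTP_")}
        verdict = check_front_door_request(headers, expected_fdid)
        if not verdict.allowed:
            start_response("404 Not Found", [("Content-Length", "0")])
            return [b""]
        environ["fd.client_ip"] = verdict.client_ip  # for the app's own logging
        return app(environ, start_response)
    return wrapped


def _call(app: Callable, environ: dict) -> tuple[str, bytes]:
    """Invoke a WSGI app once and capture (status, body); demo helper only."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    body = b"".join(app(environ, start_response))
    return seen["status"], body


def _c2_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"tasking for " + (environ.get("fd.client_ip") or "?").encode()]


def demo() -> dict[str, str]:
    """Constructed requests: via our profile, via a stranger's profile, and direct."""
    gated = front_door_gate(_c2_app)
    cases = {
        "via_our_front_door": {"HTTP_X_AZURE_FDID": EXPECTED_FDID,
                               "HTTP_X_AZURE_CLIENTIP": "203.0.113.7"},
        "via_foreign_profile": {"HTTP_X_AZURE_FDID": "00000000-0000-0000-0000-000000000000",
                                "HTTP_X_AZURE_CLIENTIP": "203.0.113.7"},
        "direct_to_vm": {"REMOTE_ADDR": "198.51.100.9"},
    }
    return {name: _call(gated, env)[0] for name, env in cases.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:22s} -> {status}")
```

Only the request that carries this profile's ID reaches the listener; a request through a foreign Front Door profile (valid per the NSG, wrong FDID) and a direct hit on the VM both get the same empty 404 as an unrelated visitor would, which keeps the origin's external behaviour identical to the redirector's blank page.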
#verify accessibility
browser > https://{service}.azurefd.net
 * the redirector should show the origin's default response, a blank page: Front Door is forwarding to Mythic
 * browsing to the Mythic VM's public IP directly should now time out (assuming no broader inbound rule remains), confirming port 80 is reachable only via Front Door
