
Command and Control with Merlin


Zach Roof

27:28

  • command-control-merlin.zip
  • 1. Course Overview.mp4
    01:15
  • 1. What Is Merlin.mp4
    04:49
  • 2. Simulation Environment Overview.mp4
    04:14
  • 3. Simulation Environment Installation.mp4
    03:28
  • 4. Configuring the Merlin Server.mp4
    02:52
  • 5. Wazuh Alert - Merlin Connection.mp4
    02:10
  • 6. Remote Code Execution.mp4
    01:37
  • 7. Data Exfiltration.mp4
    04:31
  • 1. Next Steps.mp4
    02:32
  • Description


    In this course, you will learn command and control using Merlin. Merlin’s “magic” is in its use of modules (for attack automation), HTTP/3 (for evading packet inspection), and Golang (for cross-compiling agents for multiple operating systems).

    What You'll Learn?


      Want to learn how a C2 server can be leveraged to steal a database backup? If so, you’re in the right place! In this course, Command and Control with Merlin, we’ll cover how to utilize Merlin to execute data exfiltration in a red team environment. First, you’ll witness how Merlin evades network packet detection via the HTTP/3 protocol. Second, you’ll use Merlin’s HTTP/3 functionality to upload a recon script. Finally, you’ll use the results of the recon script to exfiltrate a database backup to the Merlin C2 server. During each step of the process, we’ll see what Merlin attacks are discovered by Wazuh (a host-based intrusion detection system) and Suricata (a network-based intrusion detection system). No previous Wazuh or Suricata experience is required. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques: Exfiltration Over C2 Channel (T1041), Ingress Tool Transfer (T1105), Application Layer Protocol (T1071) using Merlin.



    Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cybersecurity consulting services. When not hitting the keyboard, Zach is hitting the trails! He is an avid hiker and enjoys the simplicity of nature. In fact, Zach’s favorite quote is “Simplicity is the ultimate sophistication” by Leonardo Da Vinci. Zach’s fondness of simplicity has manifested in his tutorials, where he aims to simplify complex topics in the areas of Software Development, DevOps, and Security.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 9
    • Duration: 27:28
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/27
