Join Faan Rossouw for this 4-hour workshop where you’ll build a multi-modal (DNS + HTTPS) covert channel for Command and Control (C2) communication. He will use Go (Golang), a beginner-friendly and efficient language, to develop a server and agent which will be able to dynamically transition between HTTPS and DNS to maximize network evasion. By the end, you’ll not only have a functional C2 covert channel, but you’ll also have gained foundational knowledge and resources to expand on the project further. Designed for beginners in security with basic programming and networking experience, this course helps solidify your skills in a practical, security-focused context. Explore both offensive and defensive insights into one of the most critical aspects of modern compromises—C2. Let’s turn theory into action and create something impactful together!
This course is designed to be accessible without requiring high-end hardware. Here's what you'll need to participate fully:
CPU: A modern dual-core processor is the minimum requirement, though a quad-core processor will provide a smoother experience when running multiple applications simultaneously (IDE, server, agent, and other tools).
RAM: 8GB of RAM is the recommended minimum. This will comfortably support our development environment without excessive slowdowns.
Storage: Please ensure you have at least 50GB of free disk space. This will accommodate the operating system, development tools, our project files, and allow room for additional resources and documentation.
GPU: No specialized graphics hardware is required for this course. The standard integrated graphics in most computers will be entirely sufficient.
Labs/VMs/GitHub (information for students)
Operating System: The course materials work across Windows, macOS, and Linux. For Windows users, I recommend enabling WSL2 (Windows Subsystem for Linux) for the most seamless experience since I'll be demonstrating primarily with terminal commands that work best in a Unix-like environment.
Integrated Development Environment (IDE): You're welcome to use any IDE or text editor you're comfortable with, as long as it has support for Go development. I'll be using GoLand throughout the course, and I'm currently working with JetBrains to hopefully provide free trial licenses for participants. If you prefer a free alternative, Visual Studio Code with Go extensions is pretty good (most of the time), and I'll provide a setup guide for it. Other options like Helix, Neovim, or Sublime Text are perfectly fine if you're already familiar with them.
Required Software:
A GitHub account for version control and sharing code - if you don't yet have an account, please create one
Go programming language (latest stable version)
Git version control
curl command-line tool
Syllabus
Part A: Welcome + Theory
Welcome to the Workshop (Lecture)
The C2 Agent Communication Loop (Lecture)
C2 over DNS and the Multi-modal Advantage (Lecture)
This course is ideal for network security professionals or enthusiasts who have completed a basic introductory programming course and possess foundational networking knowledge. If you’re eager to apply your skills in a hands-on project, this is the perfect opportunity.
Though we will be creating an offensive tool, this workshop is equally relevant to cyber defenders. By learning how C2 frameworks are designed, defenders can develop more effective detection strategies focused on communication patterns, protocol anomalies, and behavioral indicators.
Further, the broader skills developed in this course are all universally applicable and could just as easily be applied to projects with defensive goals in mind. Though we create an offensive tool, the core foundational skills we use are valuable across both offensive and defensive security domains.
Since definitions of “beginner” and “intermediate” can vary, let me clarify: This workshop is designed for those who have some familiarity with basic programming syntax (it doesn’t have to be Go) and fundamental networking concepts (IP, HTTP, the OSI model, etc.). You might not feel fully confident in your understanding of these concepts yet, but you’re ready to take the next step and level up your skills.
I’m a researcher at Active Countermeasures who ponders one specific question: how to detect C2 frameworks. I approach this problem using a network threat hunting perspective, using Zeek and custom Python tools to detect C2 communication through statistical and fingerprinting techniques. I also build C2 emulation tools in Go, exploring both defensive and offensive perspectives. I’m passionate about teaching, having taught across a range of diverse topics, including malware development.