Enterprise Attack Simulation & Remediation
We deployed Covenant C2 in Docker to orchestrate the team's command-and-control operations through its web interface and used the built-in persiststartup command to establish persistence that survives reboots. A crafted phishing email carried a malicious .docm document whose embedded VBA script silently fetched and executed a PowerShell payload from a Kali Linux host, spawning a reverse shell back to our listener. The attack was dissected in real time with Security Onion and Suricata, and the logs were analyzed in Kibana to trace the GET request for "payload1" and uncover the rogue startup batch file. Finally, we demonstrated a full remediation workflow: isolating the compromised host, removing the malicious artifacts, blocking the attacker's IP, and verifying through continuous log monitoring that the system had been returned to a clean state.
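As an added illustration of the detection step (not code from the project above), the following Python runs the two checks an analyst would do in Kibana over constructed sample records: Suricata eve.json HTTP lines are scanned for a GET whose URL contains "payload1", and host file-creation events (shaped like Sysmon Event ID 11 fields, an assumption) are scanned for a .bat dropped into a Startup folder. The IPs, hostnames and paths are constructed placeholders.

```python
import json
from typing import Iterable

# Constructed Suricata eve.json records (not from the lab): one GET for
# "payload1" from the staging host 203.0.113.10, one benign request, one DNS event.
EVE_LINES = [
    '{"event_type":"http","src_ip":"10.0.0.25","dest_ip":"203.0.113.10",'
    '"http":{"url":"/payload1","http_method":"GET","hostname":"203.0.113.10"}}',
    '{"event_type":"http","src_ip":"10.0.0.25","dest_ip":"10.0.0.7",'
    '"http":{"url":"/index.html","http_method":"GET","hostname":"intranet"}}',
    '{"event_type":"dns","src_ip":"10.0.0.25","dest_ip":"10.0.0.1","dns":{"rrname":"intranet"}}',
]

# Constructed host file-creation events, modelled on Sysmon Event ID 11 fields.
FILE_EVENTS = [
    {"host": "WS01", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "target": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.bat"},
    {"host": "WS01", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "target": "C:\\Users\\alice\\Documents\\invoice.docm"},
]


def find_payload_fetches(lines: Iterable[str], marker: str = "payload1") -> list:
    """Return HTTP GET records whose URL contains the marker (here 'payload1')."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") != "http":
            continue  # only HTTP records carry a URL to inspect
        http = rec.get("http", {})
        if http.get("http_method") == "GET" and marker in http.get("url", ""):
            hits.append({"src": rec["src_ip"], "dst": rec["dest_ip"], "url": http["url"]})
    return hits


def find_startup_batch_files(events: Iterable[dict]) -> list:
    """Return file-creation events that wrote a .bat into a Windows Startup folder."""
    found = []
    for ev in events:
        path = ev["target"].lower()
        if "\\start menu\\programs\\startup\\" in path and path.endswith(".bat"):
            found.append(ev)
    return found


def block_list(fetches: Iterable[dict]) -> list:
    """Destination IPs that served the payload, the input for a firewall deny rule."""
    return sorted({f["dst"] for f in fetches})
```

The same logic maps onto a Kibana query (`event_type:http AND http.http_method:GET AND http.url:*payload1*`) and a Sysmon file-creation filter on the Startup folder path.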
🚧 This page is under construction!
Thanks for your interest! I am still building out this project page—check back soon for full details, schematics, code snippets, and demo videos.