Golang
RedGuard is a C2 front flow control tool written in Go. It helps red teams hide their C2 infrastructure by controlling traffic interactions and evading blue teams, AV, EDR and cyberspace search engines.
RedGuard sits in front of the C2 infrastructure as a flow-control layer, so operators can hide their C2 channels better. It intercepts and controls traffic between the attacker's infrastructure and target systems, blocks analysis traffic, and avoids detection by security tools, letting red teams operate without being detected.
Features
Written in Go, RedGuard is lightweight and efficient. It supports multiple C2 servers, domain fronting, and load balancing as hiding techniques. It can detect cloud sandboxes using JA3 fingerprint libraries, block malicious requests to prevent replay attacks, restrict access to a whitelist, prevent scanning and identification of C2 infrastructure by cyberspace mapping tools, and redirect or intercept scanning probe traffic.
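To show what the JA3-based sandbox detection keys on, here is an added Go example (not RedGuard's code, and not from the page) that parses a TLS ClientHello record and derives the JA3 string and MD5 the same way network sensors such as Suricata and Zeek do. A blue team can run it against a ClientHello captured from its own sandbox or analysis VM to see the stable fingerprint a front-end proxy would match against. The record bytes are hand-built for this example; they include a GREASE cipher (0x1a1a) to show that GREASE values are dropped from the fingerprint.

```go
package main

import (
	"crypto/md5"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Constructed ClientHello (record header + handshake header); not captured traffic.
// Ciphers: GREASE 0x1a1a, TLS_AES_128_GCM_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256.
// Extensions: supported_groups (x25519, secp256r1), ec_point_formats (uncompressed),
// supported_versions (TLS 1.3).
const sampleClientHelloHex = "160301004a" + "01000046" + "0303" +
	"0000000000000000000000000000000000000000000000000000000000000000" + // random
	"00" + "0006" + "1a1a" + "1301" + "c02b" + "01" + "00" + "0017" +
	"000a0006" + "0004" + "001d" + "0017" + // supported_groups
	"000b0002" + "01" + "00" + // ec_point_formats
	"002b0003" + "02" + "0304" // supported_versions

// isGrease reports whether v is a GREASE value (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa.
func isGrease(v uint16) bool {
	return v&0x0f0f == 0x0a0a && (v>>8) == (v&0xff)
}

// joinU16 renders values as decimal joined by '-', dropping GREASE entries.
func joinU16(vals []uint16) string {
	parts := make([]string, 0, len(vals))
	for _, v := range vals {
		if !isGrease(v) {
			parts = append(parts, strconv.Itoa(int(v)))
		}
	}
	return strings.Join(parts, "-")
}

// JA3FromClientHello parses a TLS record carrying a ClientHello and returns the
// JA3 string ("version,ciphers,extensions,groups,formats") and its MD5 hex digest.
func JA3FromClientHello(rec []byte) (string, string, error) {
	short := errors.New("truncated ClientHello")
	if len(rec) < 5 || rec[0] != 0x16 {
		return "", "", errors.New("not a TLS handshake record")
	}
	body := rec[5:]
	if len(body) < 4 || body[0] != 0x01 {
		return "", "", errors.New("not a ClientHello")
	}
	hsLen := int(body[1])<<16 | int(body[2])<<8 | int(body[3])
	if len(body)-4 < hsLen {
		return "", "", short
	}
	hs := body[4 : 4+hsLen]
	if len(hs) < 35 {
		return "", "", short
	}
	version := binary.BigEndian.Uint16(hs[0:2])
	p := 34               // skip version(2) + random(32)
	p += 1 + int(hs[p])   // session id
	if len(hs) < p+2 {
		return "", "", short
	}
	csLen := int(binary.BigEndian.Uint16(hs[p:]))
	p += 2
	if len(hs) < p+csLen+1 {
		return "", "", short
	}
	var ciphers []uint16
	for i := 0; i+1 < csLen; i += 2 {
		ciphers = append(ciphers, binary.BigEndian.Uint16(hs[p+i:]))
	}
	p += csLen
	p += 1 + int(hs[p]) // compression methods
	var exts, groups, formats []uint16
	if len(hs) >= p+2 {
		end := p + 2 + int(binary.BigEndian.Uint16(hs[p:]))
		p += 2
		if end > len(hs) {
			return "", "", short
		}
		for p+4 <= end {
			typ := binary.BigEndian.Uint16(hs[p:])
			l := int(binary.BigEndian.Uint16(hs[p+2:]))
			p += 4
			if p+l > end {
				return "", "", short
			}
			data := hs[p : p+l]
			p += l
			exts = append(exts, typ)
			switch typ {
			case 0x000a: // supported_groups: u16 list length, then u16 ids
				if len(data) >= 2 {
					n := 2 + int(binary.BigEndian.Uint16(data))
					for i := 2; i+1 < n && i+1 < len(data); i += 2 {
						groups = append(groups, binary.BigEndian.Uint16(data[i:]))
					}
				}
			case 0x000b: // ec_point_formats: u8 list length, then u8 ids
				if len(data) >= 1 {
					n := 1 + int(data[0])
					for i := 1; i < n && i < len(data); i++ {
						formats = append(formats, uint16(data[i]))
					}
				}
			}
		}
	}
	ja3 := fmt.Sprintf("%d,%s,%s,%s,%s", version,
		joinU16(ciphers), joinU16(exts), joinU16(groups), joinU16(formats))
	sum := md5.Sum([]byte(ja3))
	return ja3, hex.EncodeToString(sum[:]), nil
}

func main() {
	rec, _ := hex.DecodeString(sampleClientHelloHex)
	ja3, sum, err := JA3FromClientHello(rec)
	if err != nil {
		panic(err)
	}
	fmt.Println("JA3:", ja3) // 771,4865-49195,10-11-43,29-23,0
	fmt.Println("MD5:", sum)
}
```

The important property for defenders is that the string depends only on the client's TLS stack, not on the destination: every connection from the same sandbox image yields the same hash, which is why a fingerprint library can match it.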
Use Cases
RedGuard is useful during offensive and defensive exercises when defenders analyze C2 interaction traffic with situational awareness platforms. It prevents malware sample analysis by detecting cloud sandboxes, blocks malicious requests that attempt replay attacks, and restricts access requests to specific server IPs. It prevents scanning and identification of C2 infrastructure by cyberspace mapping technology and supports front flow control for multiple C2 servers, domain fronting, and load balancing to stay hidden.
Defensive Measures
Monitor the network for unusual traffic patterns of C2 communication.
Update security tools to detect and block RedGuard.
Do security assessments to identify and remediate vulnerabilities.
Educate the security team about RedGuard capabilities and IOCs.
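As an added example of the traffic-pattern monitoring recommended above (not from the page or from RedGuard), the following Go program groups connection records by source and destination and flags pairs whose inter-arrival times are nearly constant, the classic beaconing signal. A front-end proxy can hide the real C2 server and turn away scanners, but the implant's check-in cadence still shows in the flow logs of the victim network. The log lines are constructed for this example, and the thresholds (at least 6 connections, coefficient of variation below 0.2) are assumptions a team would tune to its own environment.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strconv"
	"strings"
)

// Constructed flow log for this example: "unix_time src dst". Not real traffic.
// 10.0.0.5 checks in every ~60 s with slight jitter; 10.0.0.9 connects irregularly.
const sampleFlows = `1700000000 10.0.0.5 203.0.113.7
1700000060 10.0.0.5 203.0.113.7
1700000121 10.0.0.5 203.0.113.7
1700000180 10.0.0.5 203.0.113.7
1700000241 10.0.0.5 203.0.113.7
1700000300 10.0.0.5 203.0.113.7
1700000361 10.0.0.5 203.0.113.7
1700000420 10.0.0.5 203.0.113.7
1700000005 10.0.0.9 198.51.100.20
1700000022 10.0.0.9 198.51.100.20
1700000205 10.0.0.9 198.51.100.20
1700000208 10.0.0.9 198.51.100.20
1700000905 10.0.0.9 198.51.100.20
1700000906 10.0.0.9 198.51.100.20`

// Flow identifies a source/destination pair.
type Flow struct{ Src, Dst string }

// Beacon is a flagged flow with its cadence statistics.
type Beacon struct {
	Flow  Flow
	Count int
	Mean  float64 // mean gap between connections, seconds
	CV    float64 // standard deviation of the gaps divided by the mean
}

// ParseFlows groups connection timestamps by (src, dst); malformed lines are skipped.
func ParseFlows(text string) map[Flow][]float64 {
	out := map[Flow][]float64{}
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			continue
		}
		ts, err := strconv.ParseFloat(f[0], 64)
		if err != nil {
			continue
		}
		k := Flow{Src: f[1], Dst: f[2]}
		out[k] = append(out[k], ts)
	}
	return out
}

// IntervalStats returns the mean and coefficient of variation of the gaps between
// consecutive (sorted) timestamps. ok is false when there are too few points.
func IntervalStats(ts []float64) (mean, cv float64, ok bool) {
	if len(ts) < 3 {
		return 0, 0, false
	}
	sorted := append([]float64(nil), ts...)
	sort.Float64s(sorted)
	gaps := make([]float64, 0, len(sorted)-1)
	var sum float64
	for i := 1; i < len(sorted); i++ {
		g := sorted[i] - sorted[i-1]
		gaps = append(gaps, g)
		sum += g
	}
	mean = sum / float64(len(gaps))
	if mean == 0 {
		return mean, 0, false
	}
	var sq float64
	for _, g := range gaps {
		d := g - mean
		sq += d * d
	}
	cv = math.Sqrt(sq/float64(len(gaps))) / mean
	return mean, cv, true
}

// FindBeacons flags flows with at least minCount connections whose gap CV is below
// maxCV; a low CV means the client reconnects on a near-fixed schedule.
func FindBeacons(text string, minCount int, maxCV float64) []Beacon {
	var hits []Beacon
	for flow, ts := range ParseFlows(text) {
		if len(ts) < minCount {
			continue
		}
		mean, cv, ok := IntervalStats(ts)
		if ok && cv < maxCV {
			hits = append(hits, Beacon{Flow: flow, Count: len(ts), Mean: mean, CV: cv})
		}
	}
	sort.Slice(hits, func(i, j int) bool { // deterministic output
		if hits[i].Flow.Src != hits[j].Flow.Src {
			return hits[i].Flow.Src < hits[j].Flow.Src
		}
		return hits[i].Flow.Dst < hits[j].Flow.Dst
	})
	return hits
}

func main() {
	for _, b := range FindBeacons(sampleFlows, 6, 0.2) {
		fmt.Printf("beacon-like: %s -> %s  n=%d  mean=%.1fs  cv=%.3f\n",
			b.Flow.Src, b.Flow.Dst, b.Count, b.Mean, b.CV)
	}
}
```

Jittered implants raise the CV, so in practice the threshold is paired with a longer observation window and with the other signals the page lists (destination reputation, TLS fingerprint, request sizes), rather than used alone.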