C2 Whisper - Building C2 Infrastructure That Survives

Tags
Career
Web Dev
Cybersecurity
Red Team
Notes
Research
Projects
Published
August 21, 2025
Author
0xtb
I've been working on a comprehensive C2 infrastructure project involving AdaptixC2, covert redirectors, and Terraform automation. Before diving into the technical details across the upcoming posts, I wanted to take a step back and explain why I embarked on this project in the first place. This wasn't just another technical tutorial series—it was born from my offensive security work and some hard-learned lessons about what really matters in red team operations.

The Journey So Far

Like many in this field, my C2 journey started with the classics. Metasploit was the gateway drug, but Empire and its GUI companion Starkiller were where I really cut my teeth. From there, I've had the privilege of working with Cobalt Strike professionally, and exploring open-source alternatives like Sliver, Havoc, Mythic, and Covenant in my own time.
Each framework taught me something different. Initially, I was drawn to the GUI-based tools—Havoc and Cobalt Strike felt intuitive and powerful. But as I've matured in the field, I've come to deeply respect what the team at SpecterOps built with Mythic. The architecture is elegant, well-thought-out, and demonstrates a sophisticated understanding of modern red team needs.
I prefer GUI C2s over CLI ones, and I'm not ashamed to admit it. Yes, I can navigate command-line interfaces just fine, but why memorize every flag and syntax quirk when I could spend that mental energy on more important things, like crafting the perfect malleable profile or designing operational security measures?

Why Document This Publicly?

Honestly, this project served multiple purposes. I wanted to showcase my networking skills while demonstrating that I'm genuinely passionate about advancing in offensive security. Building secure C2 infrastructure isn't just about spinning up a server—it requires deep understanding of networking protocols, covert communications, red team tooling, and creative problem-solving.
Trust me, I went through the wringer trying to figure some of this out (looking at you, DNS). But that struggle is exactly why I thought documenting the process would be valuable.

The AdaptixC2 Choice

You might wonder why I chose AdaptixC2 when there are so many established options. Initially, I'll be honest—I found it a bit boring. Another Cobalt Strike clone in a sea of CS alternatives. But as I dug deeper, I came to appreciate what they've built, especially considering I'm not paying Fortra's licensing fees and I was getting tired of Sliver's command-line interface (no shade to Bishop Fox, I just wanted my GUI back).
Being the "new kid on the block" also means there's less comprehensive documentation available, which presents both a challenge and an opportunity to contribute something meaningful to the community.

The Evolving Threat Landscape

Here's where things get interesting, and perhaps controversial. I believe the C2 landscape—and offensive security in general—is moving away from open-source tools, at least for serious operations. The blue team is evolving rapidly, leveraging machine learning and AI agents to signature our tooling faster than ever before.
Take Windows Defender as a case study. A decade ago, it was practically a joke in our community. But Microsoft played the long game brilliantly. With Windows running on billions of devices worldwide, they essentially crowdsourced malware detection on a global scale. Now Defender is effective enough that many of us write custom evasion tooling just to get past it.
This trend suggests that retreating to our "dungeons" and keeping our tooling private might be the future of red team operations. The blue side may soon be able to detect our public tools faster than we can adapt them.

The Infrastructure Reality Check

The biggest misconception I encounter, especially among newcomers to red teaming, is that setting up C2 infrastructure is straightforward. What I documented in this series represents the bare minimum of what you'd want for a real engagement—think of it as a proof of concept rather than production-ready infrastructure.
In reality, you should be diving much deeper: ensuring domain reputation, implementing multiple detection evasion layers, setting up dedicated phishing infrastructure, deploying SIEM solutions like Wazuh for comprehensive logging, and so much more. The rabbit hole goes deep, and every engagement has unique requirements.

Security-First Philosophy

You can craft the most sophisticated, fully undetectable beacon and develop novel persistence techniques, but none of that matters if the blue team takes one look at your domains and burns your entire C2 infrastructure. Not to mention all the scanners looking for default profiles, credentials and settings.
This is why I emphasize infrastructure security so heavily. EDR solutions track everything, but they don't always alert immediately. Don't hand the blue team an easy win by having excellent malware but terrible OPSEC.

The Automation Imperative

In 2025, manual infrastructure deployment feels almost negligent. Infrastructure-as-Code through tools like Terraform isn't just a nice-to-have—it's essential for maintaining operational security and consistency. IaC automates the routine tasks, freeing up mental bandwidth for the complex problem-solving that actually requires human creativity.
It's the same philosophy behind my preference for GUI tools. It's not that I can't handle command-line interfaces—it's about optimizing cognitive load. Every brain cycle spent remembering syntax is one not spent on tactical thinking.

The Infrastructure Security Deep Dive

Building on my philosophy that infrastructure security matters as much as perfect malware, this series will also dive deep into VPS hardening and network security.
This series represents my current understanding of modern C2 infrastructure, but the landscape continues evolving rapidly. The techniques I'll be sharing will inevitably become outdated, new frameworks will emerge, and defensive capabilities will advance.
What won't change is the fundamental principle: successful red team operations require a holistic approach that balances technical sophistication with operational security. Whether you're using the latest framework or a custom-built solution, the infrastructure supporting your operations must be robust, automated, and designed with the assumption that skilled defenders are actively hunting for you.
The tools are just tools. The real value lies in understanding how to use them effectively, securely, and in service of objectives that matter. That's what I hope this series will demonstrate, and what continues to drive my exploration of this fascinating field.
In the upcoming posts, I'll put these principles into practice as we work through the technical implementation. The series will cover everything from initial AdaptixC2 setup and VPS hardening, to building redirectors and zero-trust networks, finishing with full automation through Terraform.

This kicks off my C2 Whisperer series on building infrastructure that survives. If you're following along, I'd love to hear about your own experiences with C2 frameworks and infrastructure automation. Reach out to me on LinkedIn and let's chat!