We may earn an affiliate commission when you visit our partners.
Zach Roof

In this course, you will learn Command And Control using Merlin. Merlin’s “magic” is in the usage of modules (for attack automation), HTTP/3 (for evading packet inspection), and Golang (for cross-compiling agents on multiple Operating Systems).


Want to learn how a C2 server can be leveraged to steal a database backup? If so, you’re in the right place! In this course, Command and Control with Merlin, we’ll cover how to utilize Merlin to execute data exfiltration in a red team environment. First, you’ll witness how Merlin evades network packet detection via the HTTP/3 protocol. Second, you’ll use Merlin’s HTTP/3 functionality to upload a recon script. Finally, you’ll use the results of the recon script to exfiltrate a database backup to the Merlin C2 server. During each step of the process, we’ll see what Merlin attacks are discovered by Wazuh (a host-based intrusion detection system) and Suricata (a network-based intrusion detection system). No previous Wazuh or Suricata experience is required. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques: Exfiltration Over C2 Channel (T1041), Ingress Tool Transfer (T1105), Application Layer Protocol (T1071) using Merlin.


What's inside

Syllabus

Course Overview
Command and Control with Merlin
Resources

Good to know

Know what's good, what to watch for, and possible dealbreakers
This course provides practical knowledge on executing data exfiltration techniques using Merlin
Teaches relevant industry techniques: Exfiltration Over C2 Channel (T1041), Ingress Tool Transfer (T1105), Application Layer Protocol (T1071)
Suitable for beginners interested in honing their red team skills
Provides hands-on experience with industry-standard tools like Merlin


Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Command and Control with Merlin with these activities:
Review Data Exfiltration
Refresh your memory of data exfiltration prior to the course to maximize your course comprehension.
  • Review past notes or study materials on data exfiltration
  • Focus on key techniques used to extract data illegally
  • Understand the motivations behind data exfiltration including financial gain, espionage, and sabotage
Merlin Command and Control Tutorial
Follow a tutorial to familiarize yourself with the Merlin toolset. This will lay a solid foundation for your course learning.
  • Locate reputable tutorials on Merlin and Command and Control
  • Work through the tutorial steps meticulously
  • Experiment with Merlin’s HTTP/3 functionality on your own
HTTP/3 Evading Packet Inspection
Practice evading packet inspection using HTTP/3 by simulating real-world scenarios.
  • Set up a test environment with a network sniffer
  • Use Merlin to send HTTP/3 packets and observe how they evade detection
  • Experiment with different HTTP/3 techniques to improve evasion
Merlin C2 Server Discussion Group
Connect and engage with peers by participating in discussions on Merlin Command and Control.
  • Join an online forum or group dedicated to Merlin
  • Participate in discussions, ask questions, and share knowledge
  • Collaborate with others on Merlin-related projects
Recon Script to Exfiltrate Database
Create a recon script that exfiltrates a database backup to solidify your knowledge of the process.
  • Write a script in Python or another language
  • Use Merlin's HTTP/3 functionality to upload the recon script
  • Execute the script and observe how it exfiltrates the database
Assist Junior Network Security Professionals
Share your expertise and insights with those just starting in your field by mentoring others.
  • Identify opportunities to mentor junior professionals
  • Provide guidance and support on topics related to network security
  • Share your experiences and lessons learned
Advanced Command and Control Techniques
Expand your knowledge by attending a workshop on advanced command and control techniques.
  • Identify and research relevant workshops
  • Attend the workshop and actively participate
  • Network with experts and fellow attendees
Merlin C2 Server Resources
Create a compilation of valuable resources to support your continued learning on Merlin C2 Server.
  • Gather resources such as tutorials, documentation, and research papers
  • Organize and categorize the resources
  • Share the compilation with others in the community

Career center

Learners who complete Command and Control with Merlin will develop knowledge and skills that may be useful to these careers:
Cybersecurity Analyst
Cybersecurity analysts need to be skilled in a range of tactics and technologies in order to protect organizations in an ever-changing threat environment. A command and control system is one of the essential tools an attacker will use to launch and manage an attack. Understanding how to disrupt and intercept communication from a command and control system is an essential skill for a cybersecurity analyst. In this course, you will learn how to execute C2 attacks using Merlin, gain hands-on experience, and use the results of a recon script to exfiltrate a database backup to the Merlin C2 server.
Network Security Engineer
Network security engineers are responsible for designing, implementing, and maintaining network security systems to protect an organization's computer networks from unauthorized access, use, disclosure, disruption, modification, or destruction.
Security Consultant
Security consultants help organizations to identify and mitigate security risks. They may also provide advice on security best practices and help organizations to develop and implement security policies.
Information Security Analyst
Information security analysts plan and implement security measures to protect an organization's computer networks and systems.
Penetration Tester
Penetration testers are employed to assess the security of computer systems and networks by simulating attacks from malicious actors.
Red Team Operator
Red team operators are responsible for simulating attacks on an organization's computer systems and networks to identify vulnerabilities and weaknesses. They use a variety of tools and techniques to carry out their attacks, including command and control systems.
Security Researcher
Security researchers develop new security tools and techniques to protect computer systems and networks from attack. They may also work on developing new security standards and best practices.
Security Architect
Security architects design and implement security measures to protect an organization's computer systems and networks. They may also work on developing new security standards and best practices.
Incident Responder
Incident responders are responsible for responding to security incidents and breaches. They may also work on developing and implementing incident response plans.
Cloud Security Engineer
Cloud security engineers are responsible for securing cloud computing environments. They may work on a variety of tasks, such as designing and implementing security controls, monitoring cloud environments for security threats, and responding to security incidents.
Cybercrime Investigator
Cybercrime investigators investigate computer crimes and security breaches. They may work on a variety of tasks, such as collecting and analyzing evidence, identifying and tracking down attackers, and developing new cybercrime investigation techniques.
Threat Intelligence Analyst
Threat intelligence analysts collect and analyze information about security threats. They may work on a variety of tasks, such as identifying and tracking threat actors, developing new threat intelligence reports, and providing advice on threat mitigation.
Malware Analyst
Malware analysts investigate malware and other malicious software. They may work on a variety of tasks, such as identifying and classifying malware, developing new malware detection and prevention techniques, and providing advice on malware protection.
Vulnerability Researcher
Vulnerability researchers identify and report vulnerabilities in computer software and systems. They may work on a variety of tasks, such as developing new vulnerability discovery techniques, providing advice on vulnerability management, and working with vendors to fix vulnerabilities.
Forensic Analyst
Forensic analysts investigate computer crimes and security breaches. They may work on a variety of tasks, such as collecting and analyzing evidence, identifying and tracking down attackers, and developing new forensic techniques.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Command and Control with Merlin.
Provides a detailed guide to application layer protocol. It is a valuable resource for anyone who wants to learn more about this technique.
Classic introduction to the C programming language, which is the foundation for many other programming languages, including Go.
Provides a comprehensive overview of the TCP/IP protocol suite, which is essential knowledge for students who are learning to use Merlin for network attacks.
Provides a comprehensive overview of computer networks, which is helpful background knowledge for students who are learning to use Merlin for network attacks.
Provides a practical guide to reverse engineering, which is a valuable skill for students who are learning to use Merlin for malware analysis.
Provides a comprehensive overview of the OWASP Top 10. It is a valuable resource for anyone who wants to learn more about the OWASP Top 10 and its uses in command and control.
Provides a comprehensive overview of deception techniques. It is a valuable resource for anyone who wants to learn more about deception and its uses in command and control.
Provides a fascinating look at the human element of security, which is essential knowledge for students who are learning to use Merlin for social engineering attacks.


© 2016 - 2024 OpenCourser