Command and Control with Merlin from Pluralsight

In this course, you will learn Command And Control using Merlin. Merlin’s “magic” is in the usage of modules (for attack automation), HTTP/3 (for evading packet inspection), and Golang (for cross-compiling agents on multiple Operating Systems).

Want to learn how a C2 server can be leveraged to steal a database backup? If so, you’re in the right place! In this course, Command and Control with Merlin, we’ll cover how to utilize Merlin to execute data exfiltration in a red team environment. First, you’ll witness how Merlin evades network packet detection via the HTTP/3 protocol. Second, you’ll use Merlin’s HTTP/3 functionality to upload a recon script. Finally, you’ll use the results of the recon script to exfiltrate a database backup to the Merlin C2 server. During each step of the process, we’ll see what Merlin attacks are discovered by Wazuh (a host-based intrusion detection system) and Suricata (a network-based intrusion detection system). No previous Wazuh or Suricata experience is required. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques: Exfiltration Over C2 Channel (T1041), Ingress Tool Transfer (T1105), Application Layer Protocol (T1071) using Merlin.

What's inside

Syllabus

Course Overview

Command and Control with Merlin

Resources

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

This course provides practical knowledge on executing data exfiltration techniques using Merlin

Teaches relevant industry techniques: Exfiltration Over C2 Channel (T1041), Ingress Tool Transfer (T1105), Application Layer Protocol (T1071)

Suitable for beginners interested in honing their red team skills

Provides hands-on experience with industry-standard tools like Merlin

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Command and Control with Merlin with these activities:

Review Data Exfiltration

Show steps

Refresh your memory of data exfiltration prior to the course to maximize your course comprehension.

Browse courses on Data Exfiltration

Show steps

Review past notes or study materials on data exfiltration
Focus on key techniques used to extract data illegally
Understand the motivations behind data exfiltration including financial gain, espionage, and sabotage

Merlin Command and Control Tutorial

Show steps

Follow a tutorial to familiarize yourself with the Merlin toolset. This will lay a solid foundation for your course learning.

Browse courses on Merlin

Show steps

Locate reputable tutorials on Merlin and Command and Control
Work through the tutorial steps meticulously
Experiment with Merlin’s HTTP/3 functionality on your own

HTTP/3 Evading Packet Inspection

Show steps

Practice evading packet inspection using HTTP/3 by simulating real-world scenarios.

Show steps

Set up a test environment with a network sniffer
Use Merlin to send HTTP/3 packets and observe how they evade detection
Experiment with different HTTP/3 techniques to improve evasion

Five other activities

Expand to see all activities and additional details

Show all eight activities

Merlin C2 Server Discussion Group

Show steps

Connect and engage with peers by participating in discussions on Merlin Command and Control.

Browse courses on Merlin

Show steps

Join an online forum or group dedicated to Merlin
Participate in discussions, ask questions, and share knowledge
Collaborate with others on Merlin-related projects

Recon Script to Exfiltrate Database

Show steps

Create a recon script that exfiltrates a database backup to solidify your knowledge of the process.

Browse courses on Data Extraction

Show steps

Write a script in Python or another language
Use Merlin's HTTP/3 functionality to upload the recon script
Execute the script and observe how it exfiltrates the database

Assist Junior Network Security Professionals

Show steps

Share your expertise and insights with those just starting in your field by mentoring others.

Show steps

Identify opportunities to mentor junior professionals
Provide guidance and support on topics related to network security
Share your experiences and lessons learned

Advanced Command and Control Techniques

Show steps

Expand your knowledge by attending a workshop on advanced command and control techniques.

Browse courses on Command and Control

Show steps

Identify and research relevant workshops
Attend the workshop and actively participate
Network with experts and fellow attendees

Merlin C2 Server Resources

Show steps

Create a compilation of valuable resources to support your continued learning on Merlin C2 Server.

Browse courses on Merlin

Show steps

Gather resources such as tutorials, documentation, and research papers
Organize and categorize the resources
Share the compilation with others in the community

Career center

Learners who complete Command and Control with Merlin will develop knowledge and skills that may be useful to these careers:

Cybersecurity Analyst

Cybersecurity analysts need to be skilled in a range of tactics and technologies in order to protect organizations in an ever-changing threat environment. A command and control system is one of the essential tools an attacker will use to launch and manage an attack. Understanding how to disrupt and intercept communication from a command and control system is an essential skill for a cybersecurity analyst. In this course, you will learn how to execute C2 attacks using Merlin, gain hands-on experience, and use the results of a recon script to exfiltrate a database backup to the Merlin C2 server.

See salaries and explore the career path for Cybersecurity Analyst

Network Security Engineer

Network security engineers are responsible for designing, implementing, and maintaining network security systems to protect an organization's computer networks from unauthorized access, use, disclosure, disruption, modification, or destruction.

See salaries and explore the career path for Network Security Engineer

Security Consultant

Security consultants help organizations to identify and mitigate security risks. They may also provide advice on security best practices and help organizations to develop and implement security policies.

See salaries and explore the career path for Security Consultant

Information Security Analyst

Information security analysts plan and implement security measures to protect an organization's computer networks and systems.

See salaries and explore the career path for Information Security Analyst

Penetration Tester

Penetration testers are employed to assess the security of computer systems and networks by simulating attacks from malicious actors.

See salaries and explore the career path for Penetration Tester

Red Team Operator

Red team operators are responsible for simulating attacks on an organization's computer systems and networks to identify vulnerabilities and weaknesses. They use a variety of tools and techniques to carry out their attacks, including command and control systems.

See salaries and explore the career path for Red Team Operator

Security Researcher

Security researchers develop new security tools and techniques to protect computer systems and networks from attack. They may also work on developing new security standards and best practices.

See salaries and explore the career path for Security Researcher

Security Architect

Security architects design and implement security measures to protect an organization's computer systems and networks. They may also work on developing new security standards and best practices.

See salaries and explore the career path for Security Architect

Incident Responder

Incident responders are responsible for responding to security incidents and breaches. They may also work on developing and implementing incident response plans.

See salaries and explore the career path for Incident Responder

Cloud Security Engineer

Cloud security engineers are responsible for securing cloud computing environments. They may work on a variety of tasks, such as designing and implementing security controls, monitoring cloud environments for security threats, and responding to security incidents.

See salaries and explore the career path for Cloud Security Engineer

Cybercrime Investigator

Cybercrime investigators investigate computer crimes and security breaches. They may work on a variety of tasks, such as collecting and analyzing evidence, identifying and tracking down attackers, and developing new cybercrime investigation techniques.

See salaries and explore the career path for Cybercrime Investigator

Threat Intelligence Analyst

Threat intelligence analysts collect and analyze information about security threats. They may work on a variety of tasks, such as identifying and tracking threat actors, developing new threat intelligence reports, and providing advice on threat mitigation.

See salaries and explore the career path for Threat Intelligence Analyst

Malware Analyst

Malware analysts investigate malware and other malicious software. They may work on a variety of tasks, such as identifying and classifying malware, developing new malware detection and prevention techniques, and providing advice on malware protection.

See salaries and explore the career path for Malware Analyst

Vulnerability Researcher

Vulnerability researchers identify and report vulnerabilities in computer software and systems. They may work on a variety of tasks, such as developing new vulnerability discovery techniques, providing advice on vulnerability management, and working with vendors to fix vulnerabilities.

See salaries and explore the career path for Vulnerability Researcher

Forensic Analyst

Forensic analysts investigate computer crimes and security breaches. They may work on a variety of tasks, such as collecting and analyzing evidence, identifying and tracking down attackers, and developing new forensic techniques.

See salaries and explore the career path for Forensic Analyst