PoshC2 is a proxy aware C2 framework written in PowerShell and C# to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework. PowerShell was chosen as the base language as it provides all of the functionality and rich features required without needing to introduce multiple languages onto the compromised host.
Arguably the most important element of this C2 framework is its ability to log everything that is performed on the client infrastructure to a centralised database. The entire purpose of a Red Teaming exercise is to test an organisations defensive capabilities and technical controls against a real world cyber threat. In order to facilitate this task as security consultants we need to fully verify each Indicator of Compromise (IoC) to understand what capability the client currently has and where there are gaps. Being able to output the entire engagement details in one report provides a massive advantage over other tools and frameworks.