By kannthu
The Deimos C2 - Detect module is designed to detect misconfigurations, vulnerabilities, or software fingerprints related to DeimosC2, a post-exploitation Command & Control (C2) tool that leverages multiple communication methods to control machines that have been compromised. DeimosC2 has been tested on Windows, Darwin, and Linux operating systems. The severity of the findings is informative.
Author: pussycat0x
The impact of the findings from the Deimos C2 - Detect module can vary depending on the specific misconfigurations, vulnerabilities, or software fingerprints detected. It is important to address and remediate these issues to prevent further compromise and potential unauthorized control of compromised machines.
The Deimos C2 - Detect module works by sending HTTP requests to the target machine and matching the responses against predefined conditions. One example of an HTTP request sent by this module is a GET request to the "/login" path. The module then checks if the response body contains the "<title>Deimos C2</title>" string and if the response status is 200. Both conditions need to be met for a match to occur.
The matching conditions for this module are:
- Response body must contain the "<title>Deimos C2</title>" string
- Response status must be 200
If both conditions are met, the module will report a vulnerability.
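The two conditions above, evaluated with AND semantics over raw HTTP responses, as an added example (not the module's own code). The function names, the case-sensitive substring comparison, and the sample responses are assumptions constructed for illustration.

```python
# Added example: applies the page's two matching conditions (both required)
# to raw HTTP responses. Sample responses are constructed, not captured traffic.
from dataclasses import dataclass

TITLE_MARKER = "<title>Deimos C2</title>"  # body string quoted on the page
EXPECTED_STATUS = 200                      # status required by the page


@dataclass
class HttpResponse:
    status: int
    body: str


def parse_response(raw: bytes) -> HttpResponse:
    """Split a raw HTTP/1.x response into its status code and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return HttpResponse(int(parts[1]), body.decode("utf-8", "replace"))


def evaluate(resp: HttpResponse) -> dict:
    """Return each condition's result plus the combined (AND) verdict."""
    checks = {
        "body_contains_title": TITLE_MARKER in resp.body,  # assumed case-sensitive
        "status_is_200": resp.status == EXPECTED_STATUS,
    }
    checks["match"] = all(checks.values())
    return checks


def _resp(status_line: str, body: str) -> bytes:
    """Build a constructed response as it would appear for GET /login."""
    return f"{status_line}\r\nContent-Type: text/html\r\n\r\n{body}".encode()


SAMPLES = {
    "panel": _resp("HTTP/1.1 200 OK", "<html><head><title>Deimos C2</title></head></html>"),
    "other_login": _resp("HTTP/1.1 200 OK", "<html><head><title>Login</title></head></html>"),
    "title_on_404": _resp("HTTP/1.1 404 Not Found", "<title>Deimos C2</title>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(parse_response(raw)))
```

Only the first sample matches; the other two each satisfy one condition, which shows why a 200 on "/login" alone, or the title string on an error page, is not reported.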