Beaconator C2 Framework

Presented at DEF CON 33 (2025), Aug. 9, 2025, 10 a.m. (45 minutes).

The Beaconator C2 framework provides multiple highly evasive payloads, created to provide red teams with code execution, versatility, and ease of use. It is intended to be a Swiss Army knife for evasive C2, with a unified listener and basic tools to manage an engagement. The goal is to empower red/purple teams to emulate emerging adversary tactics that are evasive, prove them out, and then open tickets with various AV/EDR vendors to improve detectability for these blind spots that are now exploited in the wild.

Presenters:

• Ezra "Shammahwoods" Woods
  Ezra is an avid security researcher currently working as an information security engineer with Grand Canyon Education.
• Mike "CroodSolutions" Manrod
  Mike serves as the CISO for Grand Canyon Education and adjunct faculty for Grand Canyon University, teaching malware analysis. Mike also co-founded the Threat Intelligence Support Unit (TISU), a community for threat and adversary research. He is also a co-author/contributor for the joint book project, Understanding New Security Threats published by Routledge in 2019, along with numerous articles. When not working, he spends time playing video games and doing random projects with his kids.

Similar Presentations:

• HushCon Seattle 2022 / Teams: The Undetectable C2
• CactusCon 12 (2024) / Command, Control, and memes: Cordyceps + ant = zombie
• FiestaCon 2023 / Lessons Learned from C2 Development