Planting C4: Cross-Compatible External C2 for All Your Implants

Presented at DEF CON 33 (2025), Aug. 10, 2025, 1:30 p.m. (20 minutes).

Let’s face it — traditional HTTP C2 is burning out. Between aging domains, TLS cert management, sandbox fingerprinting, and blue teams getting smarter at categorizing traffic and infrastructure, your “custom C2” feels less covert and more like a liability. Red teams and threat actors alike are shifting toward living off legitimate services — AWS, GitHub, Box, Notion, whatever blends in — but building solutions that are custom to a single C2 framework? Let’s stop doing that. Let’s share the fun! C4 (Cross-Compatible Command & Control) is here to change that. It’s a modular toolkit of WASM-powered plugins that makes external C2 easy to implement, regardless of your implant's language or target OS. Whether you’re writing in C, Rust, Go, Python, C#, or something else entirely, C4 plugins can be loaded directly into your implant and run on Windows, macOS, or Linux. But the real game-changer? C4 provides a single, centralized collection of numerous fully-documented, operationally-ready external C2 modules — not just proof-of-concepts, but production-level integrations with trusted sites that fly under the radar. No more hunting through GitHub repos, hand-rolling fragile API calls, or hacking together glue code for every new environment. Stop reinventing external C2 and start planting some C4 in your implants!

Presenters:

• Scott "ScottCTaylor12" Taylor - Senior Red Team Operator at Sony's Global Threat Emulation
  Scott Taylor is a Senior Red Team Operator on Sony's Global Threat Emulation team. Scott has previously worked at the MITRE Corporation and T. Rowe Price focused on emulating adversary behaviors. While Scott has been a technical professional for a decade, only the second half was focused on offensive security. He started as a Linux system administration intern where he learned to build before later learning to break. Scott leverages his system administration background in his offensive security career where he passionately researches command and control (C2) infrastructure for red team operations. Open-source publications by Scott include custom C2 channels for popular C2 frameworks, leveraging cloud services for C2, and automating red team infrastructure deployment.

Similar Presentations:

• CactusCon 12 (2024) / Command, Control, and memes: Cordyceps + ant = zombie
• DEF CON 33 (2025) / C4 - Cross Compatible Command and Control Demo
• HushCon Seattle 2022 / Teams: The Undetectable C2