Playbook · Red Team

Manual Red Team Infrastructure

A start-to-finish playbook for the administrative and technical logistics of a red team engagement — scoping and adversary emulation through standing up, wiring, and tearing down operational C2 infrastructure on AWS.

Read the full playbook on GitHub →

Authorization first. The whole guide assumes a signed scope and a written rules-of-engagement document. Red team infrastructure run without authorization is just an attack — none of it gets built until the paperwork is done.

What it covers

  1. Define the scope & objectives (ROE first)
  2. Leverage threat intel for adversary emulation
  3. Develop a tailored attack plan (MITRE ATT&CK)
  4. Design the C2 infrastructure & acquire domains
  5. Build the AWS network (VPC, IGW, subnets)
  6. Create the security groups
  7. Launch the EC2 instances (bastion, redirector, C2)
  8. Configure the redirector (socat/iptables or filtering nginx)
  9. Install & start the C2 framework (Sliver / Cobalt Strike)
  10. Wire up domains, DNS & TLS
  11. Stand up support servers (phishing, payload, RedELK)
  12. Operational security & teardown
The complete step-by-step — with the AWS network build, security-group rules, redirector configs, C2 install, DNS/TLS wiring, and teardown checklist — lives in the repo.

github.com/rbfp/manual-red-team-infrastructure →