Authorization first. The whole guide assumes a signed scope and a written rules-of-engagement document. Red team infrastructure run without authorization is just an attack — none of it gets built until the paperwork is done.
What it covers
- Define the scope & objectives (ROE first)
- Leverage threat intel for adversary emulation
- Develop a tailored attack plan (MITRE ATT&CK)
- Design the C2 infrastructure & acquire domains
- Build the AWS network (VPC, IGW, subnets)
- Create the security groups
- Launch the EC2 instances (bastion, redirector, C2)
- Configure the redirector (socat/iptables or filtering nginx)
- Install & start the C2 framework (Sliver / Cobalt Strike)
- Wire up domains, DNS & TLS
- Stand up support servers (phishing, payload, RedELK)
- Operational security & teardown
The complete step-by-step — with the AWS network build, security-group rules, redirector configs, C2 install, DNS/TLS wiring, and teardown checklist — lives in the repo.