pentest-c2-operator
Set up authorized C2 simulation workflows and measure defensive detection outcomes.
About this skill
This skill is designed for authorized cybersecurity professionals, specifically penetration testers and red teams, to simulate Command and Control (C2) operations within a defined scope. It facilitates the setup and execution of C2 simulations, aiming to measure the effectiveness of an organization's defensive detection and response capabilities. By automating aspects of C2 infrastructure tracking, persistence mechanism deployment, and outcome reporting, it provides a structured approach to validate security controls. The primary goal of the `pentest-c2-operator` is to offer a standardized method for conducting C2 simulations aligned with established security frameworks like PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK. It ensures that all actions are authorized, scoped, and produce deterministic artifacts. This allows security teams to objectively assess their environment's resilience against advanced persistent threats and refine their detection strategies based on empirical data. The skill emphasizes legal and ethical use, requiring explicit authorization before any live execution, and supports a dry-run mode for planning and validation.
Best use case
The primary use case for this skill is authorized penetration testing and red teaming, where security professionals need to realistically simulate C2 activities to evaluate a target organization's detection and response capabilities. Organizations benefit by gaining objective insights into their security posture against advanced threats and identifying gaps in their defensive strategies.
A set of JSON reports detailing C2 infrastructure, persistence mechanisms, and comprehensive simulation outcomes, enabling assessment of defensive detection and response capabilities.
Practical example
Example input
Initiate an authorized C2 simulation against the target `myclient.com`, using the provided `scope.json` and saving all reports to `output_folder/`. Please perform a dry-run first.
Example output
C2 simulation dry run successful. Upon live execution with explicit authorization, output reports for infrastructure, persistence, and overall outcomes would be saved as `c2-infrastructure.json`, `persistence-mechanisms.json`, and `c2-report.json` in `output_folder/`.
When to use this skill
- When conducting authorized red team exercises or penetration tests to simulate C2 attacks.
- To measure an organization's ability to detect and respond to Command and Control (C2) communications.
- For tracking C2 simulation infrastructure, persistence mechanisms, and alerting outcomes.
- To generate standardized reports on C2 simulation results for compliance or audit purposes.
When not to use this skill
- Against any target for which you do not have explicit, written authorization.
- For unauthorized offensive operations or activities outside a defined scope.
- If you lack the necessary expertise in penetration testing methodologies or C2 operations.
- For automated, unsupervised deployment in critical production environments without thorough review and authorization.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/pentest-c2-operator/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How pentest-c2-operator Compares
| Feature / Agent | pentest-c2-operator | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
What does this skill do?
Set up authorized C2 simulation workflows and measure defensive detection outcomes.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Pentest C2 Operator

## Stage

- PTES: 5-6
- MITRE: TA0011

## Objective

Track infrastructure, persistence, and alerting outcomes from C2 simulation.

## Required Workflow

1. Validate scope before any active action and reject out-of-scope targets.
2. Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
3. Write findings in canonical finding_schema format with reproducible PoC notes.
4. Honor dry-run mode and require explicit --i-have-authorization for live execution.
5. Export deterministic artifacts for downstream skill consumption.

## Execution

```bash
python skills/pentest-c2-operator/scripts/c2_operator.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
```

## Outputs

- `c2-infrastructure.json`
- `persistence-mechanisms.json`
- `c2-report.json`

## References

- `references/tools.md`
- `skills/autonomous-pentester/shared/scope_schema.json`
- `skills/autonomous-pentester/shared/finding_schema.json`

## Legal and Ethical Notice

```text
WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
```
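Steps 1 and 4 of the Required Workflow (scope validation and the dry-run/authorization gate), written here as an added example; it is not the skill's own `c2_operator.py`. The scope keys `in_scope_domains`, `in_scope_cidrs` and `exclusions`, the function names, and the rule that `--dry-run` wins over `--i-have-authorization` are assumptions, since the page does not show `scope_schema.json`.

```python
import argparse
import ipaddress
import sys

# Constructed sample scope. The key names are assumptions: the page does not
# show the skill's scope_schema.json.
SAMPLE_SCOPE = {
    "in_scope_domains": ["myclient.com"],
    "in_scope_cidrs": ["203.0.113.0/24"],
    "exclusions": ["payroll.myclient.com", "203.0.113.10"],
}

def _covers(name, target):
    # Match on a label boundary so "evilmyclient.com" never passes as "myclient.com".
    name = name.lower()
    return target == name or target.endswith("." + name)

def in_scope(target, scope):
    """True only if target is covered by the scope and not excluded."""
    target = target.strip().lower().rstrip(".")
    if any(_covers(e, target) for e in scope.get("exclusions", [])):
        return False  # exclusions always win over inclusions
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Not an IP literal: treat it as a hostname.
        return any(_covers(d, target) for d in scope.get("in_scope_domains", []))
    return any(addr in ipaddress.ip_network(c) for c in scope.get("in_scope_cidrs", []))

def decide(argv, scope):
    """Return "rejected", "dry-run" or "live" for one command line."""
    p = argparse.ArgumentParser()
    p.add_argument("--target", required=True)
    p.add_argument("--dry-run", action="store_true")
    p.add_argument("--i-have-authorization", action="store_true")
    args = p.parse_args(argv)
    if not in_scope(args.target, scope):
        return "rejected"  # step 1: the scope check runs before anything else
    if args.dry_run or not args.i_have_authorization:
        return "dry-run"   # step 4: fail closed unless authorization is explicit
    return "live"

if __name__ == "__main__":
    print(decide(sys.argv[1:], SAMPLE_SCOPE))
```
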