Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike

This document outlines how to automate the deployment of a complete Command-and-Control (C2) infrastructure using Terraform, Nebula, Caddy, and Cobalt Strike. The objective is to achieve rapid, repeatable, and resilient infrastructure deployment for red team operations.


Overview

The automation covers:

  • Cloud virtual machine provisioning

  • DNS configuration

  • Encrypted overlay networking

  • HTTPS reverse proxy

  • Cobalt Strike team server deployment

  • Secure operator access

This setup enables fast infrastructure spin-up and teardown with minimal manual effort.


Prerequisites

  • Linux system (Kali Linux recommended)

  • Terraform installed

  • Python 3 installed

  • Cloud provider account (e.g., Linode)

  • Domain name

  • Valid Cobalt Strike license


Project Structure


Terraform Setup

Download and install Terraform:

Initialize and manage infrastructure:


Terraform Templates

Core Terraform files used:

  • providers.tf

  • variables.tf

  • security.tf

  • dns.tf

  • lighthouse.tf

  • team-server.tf

  • edge-redirectors.tf

  • internal-redirectors.tf

  • output.tf


DNS Configuration

Terraform automatically manages DNS records for HTTPS and DNS-based C2 traffic.


Nebula Overlay Network

Nebula creates an encrypted overlay network between all infrastructure components.

Nodes include Lighthouse, Team Server, Redirectors, and Operator.


Caddy HTTPS Setup

Caddy is used as a reverse proxy with automatic TLS using ACME.


Cobalt Strike Setup

Convert TLS certificates:

Convert to Java Keystore:

Start the team server:


Python Wrapper

Install dependencies:

Example configuration:


Summary

Automating C2 infrastructure ensures consistency, speed, and improved operational security for red team engagements.
