Andreas Finstad 


Ever wanted to truly understand how a Command & Control (C2) server works? I built one in Python to find out. Introducing Glycon, my open-source, lightweight C2 framework designed for learning and customization. It's a hands-on playground for students, pentesters, and anyone curious about infosec.

https://github.com/4ndr34z/glycon

#infosec #C2


Why Security Awareness Training Matters

This demo highlights a critical truth: no matter how strong your security systems are, your users are the last line of defense.
It also exposes ClickFix—a rapidly emerging threat that exploits human trust. And as a sneak peek, you’ll get a glimpse of Glycon, my custom C2 server currently in development.
Stay vigilant. The weakest link isn’t always technology—it’s the human factor.

https://youtu.be/3iokAsq2wRs?si=KnBKl0EX0jXX7sS6

#c2 #Glycon #WDAC


I made a presentation a while ago showing a complete domain takeover from initial access in the form of a malicious LNK file, coercing, relaying, ADCS abuse and DCSync.

Part 1 shows the attack through a firewall allowing TCP 445 out.
In Part 2, SMB out is blocked (as it should be), and it shows a sneaky workaround using QUIC (UDP 443) instead: https://youtu.be/nVdFNB9RDaU

#Pentesting #ITSecurity #NTLM #Revshell #CTF #QUIC

From initial access to Domain Takeover in 10 minutes (More or less)


This video shows why using WDAC and Intelligent Security Graph (Signed and Reputable) is a bad idea.

It also showcases Shellz 1.7.5's new PowerShell Constrained Language Mode bypass using MSBuild.

https://youtu.be/E7poWD3Alfo?si=iGJf4nJ8MmuuJgFf

#Pentesting #Hacking #CTF #Revshell #Shellz

GitHub - 4ndr34z/shells: Script for generating revshells

Script for generating revshells. Contribute to 4ndr34z/shells development by creating an account on GitHub.

Holy crap Microsoft figured out how their signing key was leaked. Must read:
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

Results of Major Technical Investigations for Storm-0558 Key Acquisition

GitHub - 4ndr34z/prenum

GitHub - 4ndr34z/ntlmthief
