Mythic Documentation
Search…
Version 2.2
Common Questions and Answers
Updating
OPSEC Checks
C2 OPSEC Checks
C2 Profiles can optionally provide some operational security checks before allowing a payload to be created. For example, you might want to prevent operators from using a known-bad named pipe name, or you might want to prevent them from using infrastructure that you know is burned.
Where is it?
These checks all happen within a single function per C2 profile. For each one, they're always located at:
Mythic/C2_Profiles/[ProfileName]/mythic/c2_functions/C2_RPC_functions.py with a function called opsec:1
# The opsec function is called when a payload is created as a check to see if the parameters supplied are good
2
# The input for "request" is a dictionary of:
3
# {
4
# "action": "opsec",
5
# "parameters": {
6
# "param_name": "param_value",
7
# "param_name2: "param_value2",
8
# }
9
# }
10
# This function should return one of two things:
11
# For success: {"status": "success", "message": "your success message here" }
12
# For error: {"status": "error", "error": "your error message here" }
13
async def opsec(request):
14
return {"status": "success", "message": "No OPSEC Check Performed"}
Copied!
From the code snippet above, you can see that this function gets in a request with all of the parameter values for that C2 Profile that the user provided. You can then either return success or error with a message as to why it passed or why it failed. If you return the error case, then the payload won't be built.
Last modified 8mo ago
Copy link