git404hub

what is red-team-infrastructure-wiki fr?

bluscreenofjeff/red-team-infrastructure-wiki — explained in plain English

Analysis updated 2026-06-26

4,480Audience · ops devopsComplexity · 4/5Setup · hard

tl;dr

A wiki for authorized security professionals on how to build resilient red team infrastructure, covering redirectors, domain selection, and traffic hiding so a single discovery does not expose the whole operation.

vibe map

mindmap
  root((red-team-wiki))
    Infrastructure design
      Segmented servers
      Redirectors
      Resilient operations
    Traffic types
      Web HTTP
      DNS queries
      Email phishing
    Techniques
      Domain selection
      Traffic redirection
      Third-party services
    Tools referenced
      Cobalt Strike
      Empire framework

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Design a modular red team engagement with separate servers for phishing, payload hosting, and command-and-control so one discovery does not unravel everything.

VIBE 2

Set up HTTP and DNS redirectors so defenders cannot trace discovered traffic back to the core team server.

VIBE 3

Find and register expired domains with clean history to make red team traffic blend in with legitimate web activity.

VIBE 4

Configure web server traffic redirection rules to disguise outbound connections during an authorized engagement.

what's the stack?

Cobalt StrikeEmpireDNSHTTPSMTP

how it stacks up fr

bluscreenofjeff/red-team-infrastructure-wikidataabc/weibo-crawlergictorbit/photoshopcclinux
Stars4,4804,4804,481
LanguagePythonShell
Setup difficultyhardmoderatehard
Complexity4/53/53/5
Audienceops devopsdatageneral

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · hard time til it works · 1day+

Requires cloud servers, domain purchases, and solid knowledge of network protocols, this is a documentation resource, not a ready-to-run tool.

License terms are not described in the explanation, check the repository directly.

in plain english

This is a wiki for security professionals who conduct authorized red team engagements, meaning simulated attacks against organizations that have hired them to test defenses. A red team tries to act like a real attacker so that the organization can find and fix weaknesses. This wiki collects guidance on how to build the technical infrastructure that supports those engagements. The core idea covered here is that a red team's servers and tools should be built to survive detection. If the defending team discovers one piece of infrastructure, the red team should be able to swap it out quickly without losing the whole operation. The wiki explains how to separate different functions, such as sending phishing emails, hosting malicious files, and maintaining a connection back to the target, onto different machines so no single discovery unravels everything. A key technique covered is the use of redirectors: intermediate machines that sit between the red team's main servers and the target network. If a defender blocks one redirector, the core server is untouched and a new redirector can be swapped in. The wiki walks through how to set these up for different types of traffic, including web requests, DNS queries, and email. The domain selection section explains how to find old, legitimate-looking web domains that have expired and are available to register. Using domains with history can make red team traffic look less suspicious to automated security tools. There is also coverage of how to configure web servers to redirect traffic in ways that hide the real destination, and how to use third-party services to disguise outbound connections. The wiki references tools like Cobalt Strike and Empire, which are commercial and open-source frameworks used by professional red teams during authorized engagements. It was originally created to accompany a conference talk on hardening red team infrastructure and has since been expanded by community contributions. The full README is longer than what was shown.

prompts (copy fr)

prompt 1
Walk me through setting up a Cobalt Strike redirector using Apache mod_rewrite so the team server IP stays hidden from defenders.
prompt 2
How do I find expired domains with good reputation history for a red team phishing campaign? What tools and criteria should I use?
prompt 3
Explain the concept of infrastructure segmentation for red team operations: what goes on the redirector versus the team server and why.
prompt 4
Show me how to configure a DNS redirector that forwards DNS C2 traffic to my team server while keeping the server address hidden.
prompt 5
What third-party services can a red team use to disguise outbound connections, and how does the wiki recommend setting them up?

Frequently asked questions

what is red-team-infrastructure-wiki fr?

A wiki for authorized security professionals on how to build resilient red team infrastructure, covering redirectors, domain selection, and traffic hiding so a single discovery does not expose the whole operation.

What license does red-team-infrastructure-wiki use?

License terms are not described in the explanation, check the repository directly.

How hard is red-team-infrastructure-wiki to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is red-team-infrastructure-wiki for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.