Red Commander is a red team C2 infrastructure built in Amazon AWS using Ansible.

The tool [1] is developed by Alex Williams, security consultant at GuidePoint Security, and can help pentesters improve their defensive responses but can also be used by adversaries to simulate their attacks.


Red Commander provides two Cobalt Strike servers, one for HTTPS communications and the other is for DNS communications which will serve as a backup once the HTTPS server has been taken down.

The tool also includes the following features:

  • Custom Cobalt Strike Package Support
  • Custom MalleableC2 Support per C2
  • C2Concealer Support
  • Modified from Threat Express
  • Joomla Support for Web Redirectors.
  • Custom EDR Evasion support via Web Redirectors
  • A module that can identify bad IP addresses and eliminate sandboxes from investigating the C2server.