Red Teaming with Azure: Building C2 Infrastructure with Azure VMs

To create a new virtual machine, go to the main dashboard, click Virtual Machines, and select Azure Virtual Machine. If you’re using the free account, this may apply to your free credits. Be sure to pause your VM when not in use to save money.

Figure 9 — shows creating a new Azure virtual machine

Next, we will need to select the subscription and resource group that we have previously created, “infrastructure” and “red-ops”. In the instance details section, we will specify a name for the virtual machine; I have named it “mythicC2” since it will serve as the host for the Mythic C2 framework.

We will keep the default configuration for the Availability Zone and Security Type, which is Zone 1 and Trusted launch respectively.

Figure 10 — shows the VM’s initial configurations

To select the machine specification, we can choose the Standard option with 8GB of memory; the available options might be different if using the trial version.

As for the Administrator account section, we will need to choose the SSH key for authentication and then create a new SSH key pair that can be used later to access the VM.

Figure 11 — shows selecting the VM disk size and authentication option

All inbound connections are blocked by default, except for port 22 (SSH).

Figure 12 — shows port 22 for SSH is allowed by default

Next, for the OS disk size, we will go with the default option of 30GB, with no encryption, as we don’t need it for the current testing purposes.

If you want to use encryption, you will need to enable the feature on your subscription before you can use it. Here is the link to Microsoft documentation on “encryption at host level” for more information.

For the networking interface, we will keep the default configuration that will allow the SSH port to open publicly.

Figure 14 — shows SSH port 22 is open in the Public Inbound ports

The same applies to the Management section; I kept the default settings. The Management section handles VM configurations, including identity management, backup configuration, and certificate-based authentication.

Figure 15 — shows the management section on the VM configurations

Also, in the Monitoring section, I didn’t make any changes to the default settings. However, you have the option to customize alert rules to receive notifications for significant events related to your VM.

Additionally, you can use other features such as diagnostics to troubleshoot boot failures, and health monitoring to ensure the infrastructure’s availability and performance.

Figure 16 — shows the Monitoring section of the VM configuration

The Advanced section offers more comprehensive options and settings that go beyond the basic configurations. It includes Extensions that allow for additional software modules to be added to the VM to provide specific functionalities, and Policies that enforce rules for the VM, such as security policies, resource allocation limits, and guest configuration restrictions.

Since we won’t need to modify this part for our VM, we can proceed to the next section.

Figure 17 — shows the Advanced section in the VM configuration

After adding a tag to the VM, we review the information and click “Review + Create”. We then enter an email and phone number to receive notifications regarding the created resource.