Performing Red Team Operations with Covenant C2

Overview

Covenant is a collaborative .NET C2 framework for red teamers that provides a Swagger-documented REST API for managing listeners, launchers, grunts (agents), and tasks. This skill covers automating Covenant operations through its API for authorized red team engagements: creating HTTP/HTTPS listeners, generating binary and PowerShell launchers, deploying grunts, executing tasks on compromised hosts, and tracking lateral movement.

When to Use

• When conducting security assessments that involve performing red team with covenant
• When following incident response procedures for related security events
• When performing scheduled security testing or auditing activities
• When validating security controls through hands-on testing

Prerequisites

• Covenant C2 server deployed (Docker or .NET 6)
• Python 3.9+ with

  requests

  library
• Covenant API token (obtained via /api/users/login)
• Written authorization for red team engagement
• Isolated lab or authorized target environment

Steps

Step 1: Authenticate to Covenant API

Obtain a JWT token by posting credentials to /api/users/login endpoint.

Step 2: Create Listener

Configure an HTTP or HTTPS listener with callback URLs and bind address.

Step 3: Generate Launcher

Create a binary, PowerShell, or MSBuild launcher tied to the listener for grunt deployment.

Step 4: Deploy and Manage Grunts

Monitor grunt callbacks, execute tasks, and collect output from compromised hosts.

Step 5: Document Operations

Generate an operations report documenting all actions, timestamps, and findings.

Expected Output

JSON report with listener configuration, active grunts, executed tasks, and task output for engagement documentation.