Architecture
Monarch's architectural design
Last updated
Monarch's architectural design
Last updated
To understand how to use Monarch, it would be wise to first understand how it works. This page explains what there is to know about Monarch's architecture for developers.
Monarch's architecture can be boiled down to 3 major components:
The C2 server
The builder service
The implant itself
The C2 server facilitates communication between operators and live implants. As long as it's live, the deployed agents can be controlled.
The server has a specific, well-defined schema that implants or C2 profiles may use to directly communicate with it.
The C2 client (not to be confused with implant(s)) is the interface that operators use to interact with the server and agents. The client communicates with gRPC, and the connection is secured by mTLS, and simple challenge-response authentication.
The builder service is a container that has an exposed RPC endpoint. It receives the following information from the main server:
Requests for details about build parameters
Chosen build arguments
Requests for details about in-built implant commands
It also returns:
Build parameter details
The compiled agent, or compilation errors if any
implant command descriptions
