Architecture

Monarch's architectural design

To understand how to use Monarch, it would be wise to first understand how it works. This page explains what there is to know about Monarch's architecture for developers.

Overview

Monarch's architecture can be boiled down to 3 major components:

• The C2 server

• The builder service

• The implant itself

C2 server

The C2 server facilitates communication between operators and live implants. As long as it's live, the deployed agents can be controlled.

The server has a specific, well-defined schema that implants or C2 profiles may use to directly communicate with it.

C2 client

The C2 client (not to be confused with implant(s)) is the interface that operators use to interact with the server and agents. The client communicates with gRPC, and the connection is secured by mTLS, and simple challenge-response authentication.

Services

The builder service is a container that has an exposed RPC endpoint. It receives the following information from the main server:

• Requests for details about build parameters

• Chosen build arguments

• Requests for details about in-built implant commands

It also returns:

• Build parameter details

• The compiled agent, or compilation errors if any

• implant command descriptions