Introduction to Monarch

A brief introduction to the Monarch Command & Control Framework

Monarch is a Command and Control Framework for adversary emulation that encourages implant-driven development.

What does that even mean?

Typically, developing implants for offensive security engagements involves creating both the implant itself and the back end used to control it. This not only wastes precious time, but also becomes more difficult as implants grow more advanced. Additionally, manually choosing the parameters to build the agent with can become tedious or even lead to serious mistakes.

Monarch has been designed to streamline the process of integration by providing a simple, easy-to-use development kit that automates the building and orchestration of third-party implants.

This documentation will guide you through the process of integrating an implant with the Monarch framework.

Terminology

The following terminology will be used throughout this guide:

  1. Agent / implant: the malware that is deployed on compromised machines. The two terms are used interchangeably.

  2. C2 / server: the server handles connections from both operators and agents, and facilitates communication between the two.

  3. Client: the console application used to orchestrate agents, builders, sessions, and more via service requests to the C2 server.

  4. Player / operator: Monarch users. These are one and the same.
