This configuration will setup an Nginx server that requires a valid client certificate for mutual tls. We'll cover some basic certificate setup, the nginx config, and some openssl conversions for browser certificate import.

openssl genrsa -out ca.key 4096
openssl req -new -x509 -key ca.key -out ca.crt

1. Download and install 7-Zip
2. Download and extract the 7-zip extras.
3. Create a payload build directory and copy the 7zS.sfx file from extras into it.
4. Right-click and 7z archive your decoy payload, move it to a stand-alone payload build directory.
5. Craft your payload and save it as config.txt (See payloads below, must be in UTF-8 format) within this payload build directory.
6. With cmd.exe binary combine the files, copy /b 7zS.sfx + config.txt + decoy.7z sfx_payload.exe
7. Distribute and test your sfx mayhem carefully.

• https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors
• https://community.netwitness.com/t5/netwitness-community-blog/sliver-c2-network-and-endpoint-detection-with-netwitness/ba-p/689643

• https://twitter.com/svch0st/status/1562752142066470918?lang=en

In the code block below we're going to launch two graphical applications on a headless server (no desktop environment) within their own virtual display, then launch an instance of x11vnc server connected to each virtual display. Generally if you have more than one application you might as well run a full desktop environment and vnc server, but this is more fun.

• x11vnc
• the desktop apps you want (handbrake and firefox used in example)
• (optional) fluxbox or other minimal DE

The main python caldera service, /etc/systemd/system/caldera.service.

[Unit]
Description=MITRE Caldera Server

[Service]
WorkingDirectory=/opt/caldera
ExecStart=/usr/bin/python3 server.py --insecure