RT-C2E is a deeply technical, hands-on red teaming course that gives you the practical skills, clear guidance, and ready-to-use tooling to build a production-ready, three-layer command-and-control (C2) infrastructure from scratch—ready to support professional red teaming engagements.
You’ll learn how to design an end-to-end C2 infrastructure around real operator workflows and the requirements that matter in practice: reliability, security, and cost control. You’ll start by defining the architecture and building a hardened, on-premises virtualization foundation. From there, you will implement the core infrastructure—including firewalls, secure remote access, and a centralized gateway—before deploying the vital engagement systems operators depend on, such as operator clients and teamservers running various C2 frameworks. From there, you’ll build the external cloud layer with multiple redirector options and a secure private overlay that links cloud and on-prem components, while keeping sensitive internal systems protected and limiting exposure of critical infrastructure.
As you progress through the modules, you’ll add the operational capabilities that make a C2 environment effective and sustainable: centralized logging, internal file sharing, and deployment automation through an integrated dashboard to reduce manual effort and improve efficiency. Every stage is backed by step-by-step implementation guidance, custom configuration files, templates, scripts, and automation components tailored for easy adaptation.
By the end of RT-C2E, you’ll have a robust, secure, and automated C2 infrastructure that is cost-effective, auditable, and reliable. With clear separation of engagement data, strong access controls, and comprehensive logging for accountability, you and your team can focus on executing red teaming engagements efficiently and professionally.
By the end of this hands-on course, you’ll have a secure, robust, flexible, and cost-efficient C2 infrastructure that’s fully operational and ready for real-world red teaming engagements.
To get you there, we provide the tools and knowledge to either build the full environment from scratch or use individual modules to improve an existing setup—each lesson stands on its own while still fitting into the broader design. You’ll follow clear, step-by-step guidance—from designing and building the core platform to adding operator-focused capabilities like centralized logging and deployment automation.
With access to the course, you’ll receive an attack-infrastructure control dashboard that runs on Proxmox VE. It enables your red team to deploy engagement-ready infrastructure in minutes and monitor its health. In addition, you’ll get a large set of custom configuration files, scripts and templates to support the workflows throughout this course.
The dashboard supports automated provisioning of teamservers, log servers, and VPS redirectors, including installation and configuration of the selected:
C2 framework (currently supported: Cobalt Strike)
Logging stack (currently supported: Grafana Loki with Alloy)
Redirector software (currently supported: RedWarden)
Deployed components are automatically connected to each other and integrated into the permanent C2 infrastructure you build throughout the course.
By the end of this course, you will be able to:
Design a C2 infrastructure around real operator needs
Build a resilient, production-ready three-layer C2 environment
Set up a hardened virtualization foundation
Implement secure remote access and a centralized gateway
Deploy key engagement systems, including operator clients and teamservers
Set up C2 frameworks such as Cobalt Strike and Mythic
Implement centralized logging and an analysis dashboard
Build the external cloud layer and deploy multiple redirector options
Create a secure private overlay between cloud and on-prem components
Implement operator utilities, such as internal file sharing, to streamline daily tasks
Use an automation dashboard to deploy core systems (on-prem and cloud) and monitor environment health
The course is organized into six modules. Each module has clear outcomes, concise theory, and—most importantly—hands-on build-along instructions and assignments:
Design the C2 architecture using a workflow-first approach and produce a three-layer blueprint (edge, on-prem core, cloud services) that balances robustness, scalability, and cost.
Build the core platform using virtualization (with bare-metal installation instructions), then add secure remote access, network segmentation, and a fine-grained remote access gateway with auditing.
Deploy the core on-prem components by setting up the Management Server, Operators Clients, and Teamservers while separating admin and operator roles.
Build the external-facing layer by deploying cloud VPS redirectors, configuring domains, and securely connecting redirectors to on-prem teamservers via a private overlay network.
Add operational services by deploying centralized logging and shared file storage to support auditing, analysis, and collaboration within the environment.
Bring everything together by implementing the automation dashboard provided in this course and integrating it into your C2 infrastructure. You’ll use it to enable repeatable, fast deployment of engagement-ready attack infrastructure, run infrastructure health checks, and manage operator accounts.
Integrate Quality of Life (QoL) enhancements to your environment like C2 notifications.
To get the most out of this course, you should have the following prerequisites.
Hosting Platform: Ideally, you have a dedicated bare-metal system to install a fresh virtualization platform on (which we cover as the first step in the course) or access to an existing enterprise virtualization environment (preferably Proxmox VE). For learning and lab demonstration purposes, a desktop hypervisor (such as VMware Workstation) is sufficient.
Workstation: A laptop or desktop computer to connect to your environment and follow along with the training materials.
Internet Access: A reliable internet connection to download operating system images, pull container images, retrieve package updates, and access course resources.
Domain & DNS Control: The ability to register a new domain name or fully manage DNS records (A and AAAA) for an existing domain.
Cloud Infrastructure Access: The ability to provision and administer Virtual Private Servers (VPS) with a public cloud provider (preferably DigitalOcean).
Red teaming fundamentals: Basic familiarity with red-teaming and the associated terminology.
Systems and networking: Working knowledge of Linux/Windows administration, networking fundamentals, and basic scripting.
No. This course does not include licenses for paid third-party software such as Cobalt Strike.
Most of the software used in the course is open source. The course does include setup and installation guidance for commercial products—most notably Cobalt Strike—because they are widely used in professional environments and make useful examples. However, these products are never required to complete the training: you can use your own preferred commercial tooling or an open-source alternative.
If you have questions about the course content or need help with any part of the course, you can reach us via:
Community Spaces: Practitioners enrolled in our courses receive exclusive access to our private Community Spaces for active technical support.
Email: support@westerntactics.com
Equip your teams with the world-class cybersecurity training and capabilities they need to proactively defend your organisation against emerging threats.