readme update with channel list and detection material

WithSecureLabs · Oct 21, 2021 · 80ca230 · 80ca230
1 parent c1c8bc9
commit 80ca230
Showing 1 changed file with 39 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -14,6 +14,45 @@ See [this](https://labs.mwrinfosecurity.com/tools/c3) blog post for a detailed t
 
 For contribution guide (how to develop a Channel tutorials), see [this page](CONTRIBUTING.md).
 
+## Supported Channels
+
+### External Channels
+
+| Channel Name            | Contributor |
+|-------------------------|-------------|
+| Mattermost              | [@mariuszbit](https://twitter.com/mariuszbit)        |
+| Asana                   | [@tvgdb2](https://twitter.com/tvgdb2)            |
+| GitHub                  | [@sunn_y_k](https://twitter.com/sunn_y_k)            |
+| Dropbox                 | [@adm1nPanda](https://twitter.com/adm1nPanda)            |
+| JIRA                    |             |
+| Discord                 |             |
+| GoogleDrive             |             |
+| Slack                   |             |
+| EWS Tasks               |             |
+| OneDrive 365 Rest File  |             |
+| OneDrive 365 Rest Task  |             |
+
+### Internal Channels
+
+| Service                 | Contributor |
+|-------------------------|-------------|
+| MSSQL                   | [@checkymander](https://twitter.com/checkymander)            |
+| UNC Share File          |             |
+| LDAP                    |             |
+| Printer Jobs                   |             |
+
+
+## Detection
+- [Hunting for C3 (release blog)](https://labs.f-secure.com/blog/hunting-for-c3/)
+- [Attack Detection Fundamentals C2 and Exfiltration Lab - Dropbox](https://labs.f-secure.com/blog/attack-detection-fundamentals-c2-and-exfiltration-lab-3)
+- [Attack Detection Fundamentals Discovery and Lateral Movement Lab - UNC Share File](https://labs.f-secure.com/blog/attack-detection-fundamentals-discovery-and-lateral-movement-lab-3/)
+- [Using and detecting C2 printer pivoting](https://labs.f-secure.com/blog/print-c2/)
+- [Black Hat USA 2021 - I'm a Hacker Get Me Out of Here! Breaking Network Segregation Using Esoteric Command & Control Channels](http://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Coote-Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Command-Control-Channels.pdf)
+- [Pursuing Evasive Custom Command & Control - Guide M - ROOTCON](https://media.rootcon.org/ROOTCON%2014%20(Recovery%20Mode)/Talks/Pursuing%20Evasive%20Custom%20Command%20&%20Control%20(C3).pdf)
+- [YARA Rule - C3 Reflective DLL Usage](https://gist.github.com/ajpc500/9ae6eb427375438f906b0bf394813bc5)
+- [Sigma Rule - C3 DLL Launch](https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/process_creation_c3_load_by_rundll32.yml)
+- [Relay Rumbler - C3 Relay Binary Config Parser](https://github.com/ajpc500/RelayRumbler)
+
 ## Glossary
 
 The most commonly used terms in C3: