Control Pack

Get to know Control Pack in more detail.

Introduction

Control Pack is a userland Command-and-Control (C2) framework built for professional Red Teams and security researchers.

It’s designed to simulate advanced adversary techniques in realistic corporate environments. Control Pack includes multi-platform agents and incorporates the latest techniques to mimic stealthy attacker behaviors. As with similar tools, a basic understanding of the subject is recommended for proper use.

We recommend setting up a lab environment and starting to explore the tool so you can discover and take full advantage of all the capabilities and functionalities that it has to offer.

Control Pack's interface is intuitive and user-friendly. By following this manual, you will learn the basics of Control Pack. You can also join our community on Discord so you can share with other users along the way.

Begin by selecting an agent from the Control Pack menu that matches the target environment and the way you plan to execute. Think about the operating system, the available runtimes, and whether you need an interactive shell or a background worker. Every agent inherits the permissions of the user or process that launches it, so the effective access will reflect that context. Start lean with Stage-1 for initial reachability and terminal I/O, then upgrade in-session to Stage-2 when you need the extended feature set.

The Java agent is a good example of a runtime-specific choice. It runs as a JAR on any host with a compatible JVM, or you can package it as a Windows executable using Launch4J if you prefer a PE entry point. Because it executes inside the Java Virtual Machine, deployment considerations revolve around the installed JRE/JDK version and how you want to launch the artifact—directly as a JAR, via a wrapper EXE, or through a host application that can spawn Java processes. If the target lacks a JVM, pick a different agent that matches what’s present on the host.

Agent context matters just as much as the platform. A browser-shell agent executes within the browser’s process and security boundaries, so file system access, process listing, and other operations are limited to what that context allows. By contrast, a native Windows or PowerShell agent runs with the launching user’s token and can enumerate processes, transfer files, or capture screenshots according to that user’s rights. Choosing the right context up front helps you align capabilities with your objectives while keeping the footprint appropriate for the environment.

Control Pack agents share a common lifecycle. Stage-1 provides a compact terminal interface plus basic session controls like upgrading to Stage-2, exiting cleanly, or removing the agent when the task is complete. When you elevate to Stage-2, the command surface expands to include host and user enumeration, file upload and download, process and runtime discovery, optional imaging features, and migration workflows where supported. You can remain in Stage-1 for lightweight tasks and only enable Stage-2 when you need the additional tools.

Communication is designed to fit into typical enterprise routing. Agents speak to the C2 over HTTP or HTTPS with configurable endpoints, paths, and timing. You can tune intervals and jitter, adjust headers, and set retry behavior to match the network you’re operating in. This makes it straightforward to integrate with forward proxies, egress rules, and traffic capture solutions used during exercises, while keeping operator control predictable and responsive.

As you finalize your choice, confirm any prerequisites for the runtime you selected. A .NET or C# agent expects a compatible CLR; a PowerShell agent relies on the host’s PowerShell version and execution context; Python or Perl agents require their respective interpreters if you are not packaging them as self-contained executables. Packaging options differ per agent type, so decide whether you will run the script directly, bundle it into a standalone binary, or embed it within an application launcher.

Finally, consider how you will manage the session over time. Decide whether the agent should remain Stage-1 until you explicitly expand it, whether it should auto-upgrade after a check-in, and how you will handle cleanup at the end of an exercise. Control Pack records session activity so you can review actions later and produce timelines or artifacts for reports. With these pieces in place: platform, context, packaging, transport, and lifecycle, you are ready to generate the agent and proceed to deployment.

Disclaimer: Control Pack is a security testing software. It contains functionalities that could potentially damage or result in unexpected behaviour in some applications. We recommend using Control Pack only against non-production environments. Please read all documentation before using Control Pack, and do not use Control Pack against any systems for which you are not authorised by the system owner.