I made a post that goes through the details and thought process behind writing a ransomware payload for training purposes. It goes over how the entire killchain works and how each component is written as well as defense evasion techniques employed throughout the process. Finally, it goes over how to automate the killchain so that it is reliable and repeatable.

This post covers the use of internal proxy techniques and some employment considerations.

SpecterInsight is a cross-platform, post-exploitation command and control framework based on .NET for red team engagements, threat emulation, and training. Distinguishing features include:

• Rich command output in JSON format
• Data augmentation on individual results
• Tight integration with ELK for data analytics
• Built-in visualizations and dashboards
• Countdown until the next callback
• Easily extendible SpecterScripts
• Integrated obfuscation and payload generation
• Clean and efficient client UI
• Cross platform components

There is also a free, indefinite evaluation license that includes the full product. Most of the SpecterScripts are open source, so it’s a good way to learn. I thought people here might find it useful.