Research Disclaimer

Research Notice

This framework is developed for academic and cybersecurity research purposes only. It is designed to operate exclusively within an isolated lab environment.

The C2 Framework is an experimental command and control system created to support research in:

Network traffic analysis and detection methodologies
Encrypted protocol analysis and behavioral detection
Evasion technique effectiveness evaluation
Cybersecurity defense system testing

All use of this software must comply with applicable laws, institutional policies, and ethical research standards.

Prohibited Uses

The following uses of this framework are strictly prohibited:

Unauthorized Deployment

PROHIBITED: Deployment against any system without explicit written authorization from the system owner

Outside Lab Network

PROHIBITED: Use outside the defined lab network or isolated environment

Operational Use

PROHIBITED: Any operational or commercial use outside of research contexts

Malicious Activity

PROHIBITED: Any use intended to cause harm, disruption, or unauthorized access

Detailed Restrictions

Legal Restrictions
Ethical Guidelines
Technical Safeguards

Deployment Restrictions

May not be deployed on systems without explicit written authorization
May not be used against production infrastructure
May not be used to access systems you do not own or have permission to test
Must comply with Computer Fraud and Abuse Act (CFAA) and equivalent laws in your jurisdiction

Network Restrictions

Must operate only within isolated lab networks
Must not connect to or communicate with external networks
Must not be deployed on systems connected to the internet
Must not traverse network boundaries outside the lab environment

PenaltiesUnauthorized use of this software may violate:

Computer Fraud and Abuse Act (18 U.S.C. § 1030)
Electronic Communications Privacy Act
State and local computer crime laws
International cybercrime laws

Violations may result in criminal prosecution, civil liability, and academic sanctions.

Enforced ControlsThe framework implements mandatory safety controls:

# Environment check from agent/environment_checks.py:13-25
def _check_lab_mode() -> None:
    """Exit immediately if LAB_MODE env var is not set to '1'."""
    value = os.environ.get(config.LAB_MODE_ENV_VAR)
    if value != config.LAB_MODE_REQUIRED:
        logger.error(
            'LAB_MODE invalid — refusing to run outside lab',
            extra={'check': 'lab_mode', 'value': value}
        )
        sys.exit(1)

Host Whitelisting

# From common/config_example.py:6-9
ALLOWED_HOSTS = [
    'c2.lab.internal',
    '192.168.100.10',
]

Command BlocklistPrevents execution of privileged operations:

Registry modifications
Task scheduling
Service control
Network reconnaissance
Privilege enumeration

These controls cannot be disabled without modifying source code.

Lab Environment Requirements

The C2 Framework must only be deployed in environments meeting ALL of the following requirements:

Network Isolation

Lab network must be physically or logically isolated from:

Production networks
Corporate networks
Internet connectivity (except for controlled research scenarios)
Any network containing systems not dedicated to research

System Ownership

All systems in the lab environment must be:

Owned by the researcher or research institution
Dedicated to research purposes
Not used for production workloads
Properly configured with LAB_MODE=1 environment variable

Authorization

Deployment must have:

Written authorization from institution or system owner
Documented research objectives and methodology
Approval from appropriate oversight bodies (IRB, ethics board, etc.)
Clear termination and cleanup procedures

Documentation

Maintain records of:

Lab topology and network configuration
All systems involved in the research
Authorization documentation
Activity logs and research data
Incident response procedures

Liability Disclaimer

The author accepts no liability for misuse of this software.

By using this framework, you acknowledge and agree:

No Warranty

This software is provided “AS IS” without warranty of any kind
The author makes no representations about the suitability, reliability, or accuracy of this software
Use is at your own risk

User Responsibility

You are solely responsible for ensuring your use complies with all applicable laws
You are solely responsible for obtaining proper authorization before deployment
You are solely responsible for maintaining proper isolation and safety controls
You are solely responsible for any consequences of misuse

Limitation of Liability

The author shall not be liable for any damages arising from use or misuse of this software
This includes direct, indirect, incidental, consequential, or punitive damages
The author is not responsible for how this software is used by others

Indemnification

You agree to indemnify and hold harmless the author from any claims arising from your use of this software
You accept full responsibility for compliance with all applicable laws and regulations

Responsible Use Guidelines

Following these guidelines helps ensure ethical and legal research practices.

Before Deployment

1. Obtain Authorization

Get written approval from appropriate authorities
Document the research scope and objectives
Identify all systems and networks involved
Establish clear boundaries and limitations

2. Configure Lab Environment

Verify complete network isolation
Set LAB_MODE=1 on all systems
Configure allowed hosts whitelist
Test safety controls and blocklists

3. Document Configuration

Record lab topology and IP addresses
Document authentication credentials
Establish logging and monitoring
Create incident response procedures

4. Review Compliance

Verify compliance with institutional policies
Check applicable laws in your jurisdiction
Obtain IRB approval if required
Review data handling requirements

During Research

Monitor continuously: Ensure components remain within lab boundaries
Log all activity: Maintain detailed records of research activities
Verify isolation: Regularly check network boundaries and firewall rules
Follow protocols: Adhere to established research procedures and safety controls

After Research

Cleanup thoroughly: Remove all framework components from test systems
Document findings: Record research results and observations
Secure data: Properly handle and store any collected research data
Report responsibly: Disclose any security findings through appropriate channels

Research Ethics Considerations

When conducting research with this framework:

Data Protection
Responsible Disclosure
Academic Conduct

Minimize Data Collection

Collect only data necessary for research objectives
Avoid capturing sensitive or personal information
Implement data retention limits
Securely delete data when no longer needed

Secure Storage

Encrypt research data at rest and in transit
Limit access to authorized researchers only
Maintain audit logs of data access
Follow institutional data handling policies

Compliance Checklist

Before using this framework, verify you can answer “Yes” to all items:

If you cannot verify ALL items above, do not proceed with deployment of this framework.

Contact and Reporting

If you:

Discover security issues in the framework itself
Observe misuse of the framework
Have questions about appropriate use
Need guidance on research ethics

Contact the project maintainer or your institutional security team immediately.

Acknowledgment

By using this software, you acknowledge that:

You have read and understand this disclaimer
You accept all terms and conditions outlined herein
You agree to use the framework only for legitimate research purposes
You will comply with all applicable laws and ethical guidelines
You accept full responsibility for your use of this software

This disclaimer is subject to change. Check the repository for the most current version before each use.

Introduction to the C2 Framework

System Architecture

⌘I

Overview

Getting Started

Core Concepts

Deployment

Operator Guide

Evasion Techniques

Telemetry & Analysis

Research Notice

Prohibited Uses

Unauthorized Deployment

Outside Lab Network

Operational Use

Malicious Activity

Detailed Restrictions

Lab Environment Requirements

Liability Disclaimer

No Warranty

User Responsibility

Limitation of Liability

Indemnification

Responsible Use Guidelines

Before Deployment

1. Obtain Authorization

2. Configure Lab Environment

3. Document Configuration

4. Review Compliance

During Research

After Research

Research Ethics Considerations

Compliance Checklist

Contact and Reporting

Acknowledgment

Build docs developers (and LLMs) love

Overview

Getting Started

Core Concepts

Deployment

Operator Guide

Evasion Techniques

Telemetry & Analysis

​Research Notice

​Prohibited Uses

Unauthorized Deployment

Outside Lab Network

Operational Use

Malicious Activity

​Detailed Restrictions

​Lab Environment Requirements

​Liability Disclaimer

​No Warranty

​User Responsibility

​Limitation of Liability

​Indemnification

​Responsible Use Guidelines

​Before Deployment

1. Obtain Authorization

2. Configure Lab Environment

3. Document Configuration

4. Review Compliance

​During Research

​After Research

​Research Ethics Considerations

​Compliance Checklist

​Contact and Reporting

​Acknowledgment

Build docs developers (and LLMs) love

Research Notice

Prohibited Uses

Detailed Restrictions

Lab Environment Requirements

Liability Disclaimer

No Warranty

User Responsibility

Limitation of Liability

Indemnification

Responsible Use Guidelines

Before Deployment

During Research

After Research

Research Ethics Considerations

Compliance Checklist

Contact and Reporting

Acknowledgment