building-red-team-c2-infrastructure-with-havoc
Audited by Socket on Apr 11, 2026
2 alerts found:
Security, Malware

The skill is internally coherent for Havoc deployment, and its main install path appears to be the official source repository rather than a suspicious third-party payload. However, it gives an AI agent explicit offensive C2, credential-access, lateral-movement, and data-exfiltration capabilities, plus it weakens TLS verification in the redirector example. This is best classified as high-risk offensive security guidance, not confirmed malware.
This content is an explicit operational playbook and IaC for deploying and operating Havoc command-and-control infrastructure and associated malicious payloads. It contains strong, explicit indicators of malicious intent (C2 setup, payload generation, evasion and OPSEC techniques). The Terraform automates provisioning and execution (user_data) that will install and run offensive tooling. Treat this as malicious and high risk; do not deploy or include in trusted supply chains.