🕵️♂️ AlertMe C2: Adversary Emulation & FinTech Security Lab 🕵️♂️
☣️ Application Description: Red Team Perspective
The AlertMe Server is a centralized Command & Control (C2) Orchestration Platform engineered to simulate sophisticated Financial Fraud (FF) attack vectors.
From an ethical hacker’s perspective, this server facilitates the study of Red Team Adversary Emulation. It manages real-time socket connections to banking PWAs to explore the efficacy of Smishing (SMS Phishing), Social Engineering (SE), and Data Exfiltration techniques. By leveraging WebSockets, the server enables researchers to intercept client-side sessions, trigger mock "Fake Alert" payloads, and analyze how users interact with deceptive banking interfaces under simulated high-pressure scenarios.
🛠️ System Specifications
| Layer | Technology Stack | Tactical Utility |
|---|---|---|
| Runtime | Node.js (v18+) | High-performance asynchronous execution. |
| Framework | Express.js 5.2.1 | API endpoint management for health & payloads. |
| Real-time C2 | Socket.io | Bidirectional C2 channel for data exfiltration. |
| Messaging | Twilio SDK | Smishing & SMS Gateway trigger simulation. |
| Persistence | LocalStorage / Hooks | Client-state tracking via account numbers. |
🚀 Local Installation (Security Lab Setup)
Follow these steps to deploy the C2 server in your local research environment:
1️⃣ Prepare the Environment

```bash
git clone https://github.com/cyberlawal/alertme-c2-server.git
cd alertme-c2-server
```

2️⃣ Configuration (Secrets Management)
Create a .env.local file to store your simulated attack credentials:

```env
NEXT_PUBLIC_REMOTE_SERVER_URL=http://localhost:3001
CLIENT_URL=http://localhost:3000
TWILIO_ACCOUNT_SID=AC_RESEARCH_HASH
TWILIO_AUTH_TOKEN=TOKEN_HASH
```

3️⃣ Launch the Orchestrator

```bash
npm install
npm run server
```
Server active at http://localhost:3001 | Health check: /health
🗺️ Offensive Security Roadmap
| Phase | Milestone | Research Goal |
|---|---|---|
| P0 | Socket Encryption | Hardening C2 channels against interception. |
| P1 | Payload Randomization | Evading automated fraud detection patterns. |
| P2 | Session Hijacking | Simulating token theft and account takeover (ATO). |
| P3 | Global CDN Proxy | Testing latency in cross-border C2 orchestration. |
👤 Author & Researcher: Oluwaseun Lawal
Cybersecurity Researcher | Red Team Specialist
Pioneering research into FinTech vulnerabilities and human-centric attack vectors.
⚖️ CRITICAL LEGAL NOTICE
🛑 EDUCATIONAL USE ONLY 🛑
This server and its associated client applications are developed strictly for Authorized Penetration Testing, Vulnerability Research, and Security Education. The use of "Fake Alert" simulations to defraud individuals or systems without explicit legal authorization is a criminal offense. The author, Oluwaseun Lawal, provides this tool for defense-oriented research only. Use responsibly and legally.
Simulating the threat to build the shield.
© 2026 AlertMe Cyber Research Labs