by max68
2047 days ago
What’s the benefit of this over an open source tool like Mythic, Covenant, or Sliver? To me, it seems like evasion is the big plus, but how many people have actually REd this implant? If this tool became popular, I’m sure the Windows Defender team would be able to detect it. It seems like the benefit would be gone at scale. I wonder if the implant is single or multi staged. Seems like a neat project. Interested to see how it’ll compete with open source alternatives.

* optional usage of ngrok for communication
* possibility of a two-phase delivery via command stagers
* certificates for both implant and server are loaded from memory
* a great deal of post-exploitation modules with descriptive names; most modules are multiplatform
* custom key-value communication protocol
* presence of sandbox-detection methods
The new version (if the current one sells) will include the possibility to control up to 40 implants with the tunnel enabled (and unlimited without it), and 6 new sandbox detection methods.
Also, if you buy our software, we'll provide you with free updates, because maybe one day AV solutions will detect an implant, so we'll have to change something to make implants invisible again.
We also plan to add different evasion modules, such as a suspender of AV-specific processes.