| * Implant is not static:
certain parts of it's code, such as sandbox detection methods, are embedded only if they are specified by the user * optional usage of ngrok for communication * possibility of a two-phase delivery via command stagers * certificates for both implant and server are loaded from memory * a great deal of post-exploitation modules, with descriptive names, most modules are multiplatform * custom key-value communication protocol * presence of sandbox-detection methods New version (if the current one will sell) will include possibility to control up to 40 implants with enabled tunnel (and unlimited without it), and 6 new sandbox detection methods. Also, if you buy our software, we'll provide you with free updates, because maybe, one day AV solutions will detect an implant, so we'll have to change something that will make implants invisible again. We also plan to add different evasion modules, such as suspender of AV-specific processes. |