I was reading a red team report and came across an interesting framework, with source code in Go.
framework:_hxxps://github.com/dobin/antnium
admin:_hxxps://github.com/dobin/antniumui
A C2 framework and RAT written in Go.
This source code is publicly published as reference for my presentation Develop your own RAT - AV & EDR Defense. Antnium is intended to fulfill my own requirements, and not those of others. Works for the campaigns I performed, but is not necessarily meant to be a generic C2 framework.
There are two components:
- client.exe: The actual RAT / beacon / agent / implant
- server.exe: C2 server
Features
- HTTP/S and Websocket communication channel
- Proxy support (manual, windows, authenticated and kerberos)
- Command execution
- Direct LOLbins
- Copy file first
- Process hollowing
- Interactive cmd.exe/Powershell shell
- Remote managed and unmanaged code
- Using donut
- PE to shellcode
- Encrypted
- AMSI bypass
- Direct LOLbins
- EDR bypass with Reflexxion (ntdll.dll restore)
- Encrypted communication
- Malleable C2
- File upload / download
- File browser