Commit Graph

19 Commits

Author SHA1 Message Date
Jakob Friedl
94f2f8121c Implemented 'dotnet' command for execute-assembly functionality. Patched AMSI using HWBP 2025-09-13 11:47:19 +02:00
Jakob Friedl
9b94a06ce9 Implemented basic .NET assembly execution using winim/clr. 2025-09-12 15:06:28 +02:00
Jakob Friedl
e64e31a7bc Integrated sleep obfuscation settings into agent generation. 2025-09-04 13:44:50 +02:00
Jakob Friedl
e297bb2d76 Split sleep obfuscation into separate functions to increase readability and changed to manual API resolution. 2025-09-04 12:02:50 +02:00
Jakob Friedl
5ebe5d3598 Implemented the Foliage sleep obfuscation technique. 2025-09-03 23:21:45 +02:00
Jakob Friedl
d0545ffd16 Implemented 'screenshot' command. 2025-09-03 19:38:22 +02:00
Jakob Friedl
653dfac4b4 Improved sleep obfuscation cleanup. 2025-09-03 08:46:38 +02:00
Jakob Friedl
b19f8e1236 Implemented Zilean sleep obfuscation technique as an alternative to Ekko. 2025-09-02 21:41:04 +02:00
Jakob Friedl
4ceb756cfd Added 'bof' module for executing object files and fixed handling of optional arguments. 2025-08-29 15:58:26 +02:00
Jakob Friedl
352b8fd8d1 Reworked beacon.nim with definitions from TrustedSec's COFFLoader. 2025-08-29 13:40:00 +02:00
Jakob Friedl
957f96f1ca Implemented COFF loader. 2025-08-28 19:00:34 +02:00
Jakob Friedl
e1ea085a0d Decided against implementing additional heap obfuscation for Ekko, due to no sensitive data being allocated in heap memory. 2025-08-28 12:47:37 +02:00
Jakob Friedl
d3e0d5e6de Implemented Ekko according to MalDev module with both Native API and WinAPI; fixing race condition for both implementations. 2025-08-27 11:37:07 +02:00
Jakob Friedl
00866b30cd Implemented basic sleep obfuscation via the Ekko technique using WinAPI. Improvement needed! 2025-08-27 00:27:50 +02:00
Jakob Friedl
c7980d219d Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00
Jakob Friedl
e403ac1c07 Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00
Jakob Friedl
b7622dd72f Updated C2 communication to hide heartbeat data in JWT token. 2025-08-13 13:38:39 +02:00
Jakob Friedl
882579b3cb Implemented sequence tracking. 2025-07-26 18:20:54 +02:00
Jakob Friedl
7bf135750c Rework module system. Now modules/commands are defined in a single file each, with both the function executed by the agent and the definition for server-side argument parsing. 2025-07-25 16:41:29 +02:00