Commit Graph

51 Commits

Author SHA1 Message Date
Jakob Friedl
b39a0e70e2 Updated directory structure. 2025-10-03 12:44:28 +02:00
Jakob Friedl
ae09e4e7e3 Implemented basic Tab-autocompletion for agent console. 2025-10-03 09:59:50 +02:00
Jakob Friedl
ab48bc5795 Added build log to client UI. 2025-10-02 12:10:46 +02:00
Jakob Friedl
5c0beb36ff Added remote address and modules to agent structure. Help command now only shows commands for which the agent has been configured. 2025-10-02 10:25:37 +02:00
Jakob Friedl
0937840b77 Removed unused code. 2025-10-01 15:27:06 +02:00
Jakob Friedl
039c857027 Moved task parsing logic to the client to be able to support dotnet/bof commands when operating from a different machine than the team server. Disabled sequence tracking due to issues. 2025-09-30 10:04:29 +02:00
Jakob Friedl
47799ee5f5 Implemented generating agent payloads from the ImGui client. 2025-09-27 15:18:45 +02:00
Jakob Friedl
166cadcb56 Fixed bug caused by '\0' in username that broke formatting. 2025-09-25 20:22:56 +02:00
Jakob Friedl
8baf65a96d Improved dual list selection widget. 2025-09-24 19:26:17 +02:00
Jakob Friedl
42cc58b30b Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00
Jakob Friedl
5d09efd823 Reworked module system. Modules can now be individually set to be included in the agent. For example, it is possible to compile an agent only capable of executing BOFs and nothing else. 2025-09-17 15:55:13 +02:00
Jakob Friedl
c6bbef8520 Implemented compression of the network packet bodies. 2025-09-13 15:18:46 +02:00
Jakob Friedl
b7b9114258 Fixed issue that caused assembly execution to fail when used more than once in a session. 2025-09-13 14:14:21 +02:00
Jakob Friedl
94f2f8121c Implemented 'dotnet' command for execute-assembly functionality. Patched AMSI using HWBP 2025-09-13 11:47:19 +02:00
Jakob Friedl
9b94a06ce9 Implemented basic .NET assembly execution using winim/clr. 2025-09-12 15:06:28 +02:00
Jakob Friedl
e64e31a7bc Integrated sleep obfuscation settings into agent generation. 2025-09-04 13:44:50 +02:00
Jakob Friedl
e297bb2d76 Split sleep obfuscation into separate functions to increase readability and changed to manual API resolution. 2025-09-04 12:02:50 +02:00
Jakob Friedl
5ebe5d3598 Implemented the Foliage sleep obfuscation technique. 2025-09-03 23:21:45 +02:00
Jakob Friedl
d0545ffd16 Implemented 'screenshot' command. 2025-09-03 19:38:22 +02:00
Jakob Friedl
653dfac4b4 Improved sleep obfuscation cleanup. 2025-09-03 08:46:38 +02:00
Jakob Friedl
b19f8e1236 Implemented Zilean sleep obfuscation technique as an alternative to Ekko. 2025-09-02 21:41:04 +02:00
Jakob Friedl
ae083896b6 Implemented simple download command. 2025-09-01 19:45:39 +02:00
Jakob Friedl
8292a5b1ff Implemented handling of different argument types (int, wstring, short) for BOF files using specific prefixes. 2025-08-30 14:05:09 +02:00
Jakob Friedl
4ceb756cfd Added 'bof' module for executing object files and fixed handling of optional arguments. 2025-08-29 15:58:26 +02:00
Jakob Friedl
352b8fd8d1 Reworked beacon.nim with definitions from TrustedSec's COFFLoader. 2025-08-29 13:40:00 +02:00
Jakob Friedl
957f96f1ca Implemented COFF loader. 2025-08-28 19:00:34 +02:00
Jakob Friedl
e1ea085a0d Decided against implementing additional heap obfuscation for Ekko, due to no sensitive data being allocated in heap memory. 2025-08-28 12:47:37 +02:00
Jakob Friedl
f81933e479 Extended ekko implementation with stack spoofing. 2025-08-27 20:11:22 +02:00
Jakob Friedl
a18ad3c2cb Removed Ekko WinAPI implementation to clear up file. 2025-08-27 18:24:44 +02:00
Jakob Friedl
d3e0d5e6de Implemented Ekko according to MalDev module with both Native API and WinAPI; fixing race condition for both implementations. 2025-08-27 11:37:07 +02:00
Jakob Friedl
00866b30cd Implemented basic sleep obfuscation via the Ekko technique using WinAPI. Improvement needed! 2025-08-27 00:27:50 +02:00
Jakob Friedl
8791faec3f Implemented compile-time string obfuscation via XOR for the agent. 2025-08-26 15:11:43 +02:00
Jakob Friedl
dd7433588f Refactored random byte generation functions. 2025-08-25 20:08:23 +02:00
Jakob Friedl
5922a5b850 Created nimble package and installation instructions. 2025-08-22 10:48:00 +02:00
Jakob Friedl
4a38f76331 Moved some compiler flags to nim.cfg 2025-08-19 21:00:52 +02:00
Jakob Friedl
8fcb60f57c Implemented replacing agent configuration instead of overwriting the full file. 2025-08-19 20:58:47 +02:00
Jakob Friedl
b023fca124 Implemented encryption for embedded profile. 2025-08-19 20:03:34 +02:00
Jakob Friedl
72fcb0d610 Refactor profile de/serialization, removing unnecessary overhead caused by TLV format. 2025-08-19 14:34:58 +02:00
Jakob Friedl
84e8730b1e Implemented profile embedding via patching a placeholder in the agent executable. Agent correctly deserializes and parses the profile and listener configuration. 2025-08-18 22:05:23 +02:00
Jakob Friedl
023a562be5 Implemented server output encoding for task retrieval. 2025-08-17 17:01:50 +02:00
Jakob Friedl
739faf781e Added more randomization. The profile now supports setting keys to an array of strings, from which a random one is chosen each time (useful for e.g. Host header, etc.) 2025-08-17 16:27:48 +02:00
Jakob Friedl
22c15dd82c Added randomization to profile strings by replacing '#' with random alphanumerical chars. 2025-08-15 16:18:15 +02:00
Jakob Friedl
c7980d219d Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00
Jakob Friedl
714360ef24 Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
Jakob Friedl
e403ac1c07 Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00
Jakob Friedl
415cd7ebf8 Started implementing profile system. 2025-08-13 19:32:51 +02:00
Jakob Friedl
b7622dd72f Updated C2 communication to hide heartbeat data in JWT token. 2025-08-13 13:38:39 +02:00
Jakob Friedl
0e205d34d3 Updated sequence number to uint32 2025-08-06 14:28:54 +02:00
Jakob Friedl
0d54b3e64b Cleaned up parts of the serialization by removing redundant code. 2025-07-28 21:29:47 +02:00
Jakob Friedl
882579b3cb Implemented sequence tracking. 2025-07-26 18:20:54 +02:00