b6c81755a0
Implemented dual list selection widgets for choosing modules.
Jakob Friedl
2025-09-24 16:30:29 +02:00
d4bdf56224
Added more websocket commands and started agent generation modal window.
Jakob Friedl
2025-09-23 15:51:57 +02:00
d3b37aa4a1
Started work on websocket communication: Parsing/Serialization of WebSocket packets.
Jakob Friedl
2025-09-22 21:53:13 +02:00
42cc58b30b
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.).
Jakob Friedl
2025-09-19 18:31:45 +02:00
6b41efe1ed
Added simple eventlog.
Jakob Friedl
2025-09-19 11:43:14 +02:00
971bb6c8df
Added listener table view and modal for starting listeners.
Jakob Friedl
2025-09-18 17:50:58 +02:00
669a436946
Added console filter.
Jakob Friedl
2025-09-18 12:35:26 +02:00
5d09efd823
Reworked module system. Modules can now be individually set to be included in the agent. For example, it is possible to compile an agent only capable of executing BOFs and nothing else.
Jakob Friedl
2025-09-17 15:55:13 +02:00
5f1a9979be
Added console history handling with arrow keys.
Jakob Friedl
2025-09-16 22:21:11 +02:00
ee397c4fb5
Implemented console input field.
Jakob Friedl
2025-09-16 20:17:48 +02:00
ce417db941
Implemented console items window using ImGuiTextSelect after it was implemented into imguin.
Jakob Friedl
2025-09-14 22:55:44 +02:00
c6bbef8520
Implemented compression of the network packet bodies.
Jakob Friedl
2025-09-13 15:18:46 +02:00
b7b9114258
Fixed issue that caused assembly execution to fail when used more than once in a session.
Jakob Friedl
2025-09-13 14:14:21 +02:00
94f2f8121c
Implemented 'dotnet' command for execute-assembly functionality. Patched AMSI using HWBP.
Jakob Friedl
2025-09-13 11:47:19 +02:00
9b94a06ce9
Implemented basic .NET assembly execution using winim/clr.
Jakob Friedl
2025-09-12 15:06:28 +02:00
f0010694eb
Added notes and some minor changes to console view. Auto-scroll to bottom is not supported with the current approach, revisit this later.
Jakob Friedl
2025-09-12 10:15:13 +02:00
e15f4842ec
Added comments.
Jakob Friedl
2025-09-11 19:11:11 +02:00
1a6977d52d
Implemented vertically and horizontally scrollable console-output window for agent interaction windows.
Jakob Friedl
2025-09-11 18:18:13 +02:00
c2b388fbf2
Implemented default docking layout. Console windows are automatically docked to the bottom panel of the application.
Jakob Friedl
2025-09-11 12:03:02 +02:00
8968c797ac
Implemented right-click context menu on session table to create console windows for interacting with the agent.
Jakob Friedl
2025-09-10 18:25:15 +02:00
5f131ae916
Implemented multi-select functionality and basic context-menu for session table.
Jakob Friedl
2025-09-09 22:55:43 +02:00
2320b705d3
Experimented with ImGUI tables for session view.
Jakob Friedl
2025-09-07 17:18:50 +02:00
87059ced4c
Created template files for core views.
Jakob Friedl
2025-09-06 14:12:51 +02:00
d834e4f713
Created initial UI component template.
Jakob Friedl
2025-09-05 19:39:24 +02:00
e7ab8b5fac
Created base template for ImGUI application.
Jakob Friedl
2025-09-05 10:49:27 +02:00
cb02d79b6e
Fixed help flag output.
Jakob Friedl
2025-09-04 15:29:54 +02:00
e64e31a7bc
Integrated sleep obfuscation settings into agent generation.
Jakob Friedl
2025-09-04 13:44:50 +02:00
e297bb2d76
Split sleep obfuscation into separate functions to increase readability and changed to manual API resolution.
Jakob Friedl
2025-09-04 12:02:50 +02:00
5ebe5d3598
Implemented the Foliage sleep obfuscation technique.
Jakob Friedl
2025-09-03 23:21:45 +02:00
d0545ffd16
Implemented 'screenshot' command.
Jakob Friedl
2025-09-03 19:38:22 +02:00
653dfac4b4
Improved sleep obfuscation cleanup.
Jakob Friedl
2025-09-03 08:46:38 +02:00
b19f8e1236
Implemented Zilean sleep obfuscation technique as an alternative to Ekko.
Jakob Friedl
2025-09-02 21:41:04 +02:00
4ae9add3af
Implemented simple upload command.
Jakob Friedl
2025-09-01 20:27:00 +02:00
ae083896b6
Implemented simple download command.
Jakob Friedl
2025-09-01 19:45:39 +02:00
8292a5b1ff
Implemented handling of different argument types (int, wstring, short) for BOF files using specific prefixes.
Jakob Friedl
2025-08-30 14:05:09 +02:00
4ceb756cfd
Added 'bof' module for executing object files and fixed handling of optional arguments.
Jakob Friedl
2025-08-29 15:58:26 +02:00
352b8fd8d1
Reworked beacon.nim with definitions from TrustedSec's COFFLoader.
Jakob Friedl
2025-08-29 13:40:00 +02:00
957f96f1ca
Implemented COFF loader.
Jakob Friedl
2025-08-28 19:00:34 +02:00
e1ea085a0d
Decided against implementing additional heap obfuscation for Ekko, due to no sensitive data being allocated in heap memory.
Jakob Friedl
2025-08-28 12:47:37 +02:00
f81933e479
Extended ekko implementation with stack spoofing.
Jakob Friedl
2025-08-27 20:11:22 +02:00
a18ad3c2cb
Removed Ekko WinAPI implementation to clear up file.
Jakob Friedl
2025-08-27 18:24:44 +02:00
d3e0d5e6de
Implemented Ekko according to the MalDev module with both Native API and WinAPI, fixing the race condition for both implementations.
Jakob Friedl
2025-08-27 11:37:07 +02:00
00866b30cd
Implemented basic sleep obfuscation via the Ekko technique using WinAPI. Improvement needed!
Jakob Friedl
2025-08-27 00:27:50 +02:00
8791faec3f
Implemented compile-time string obfuscation via XOR for the agent.
Jakob Friedl
2025-08-26 15:11:43 +02:00
dd7433588f
Refactored random byte generation functions.
Jakob Friedl
2025-08-25 20:08:23 +02:00
84f889451c
Update LICENSE
Jakob Friedl
2025-08-22 11:05:49 +02:00
2d58b76998
Update LICENSE
Jakob Friedl
2025-08-22 11:04:11 +02:00
4f0cde381b
Update LICENSE
Jakob Friedl
2025-08-22 10:55:54 +02:00
5922a5b850
Created nimble package and installation instructions.
Jakob Friedl
2025-08-22 10:48:00 +02:00
0ccafaccdd
Cleaned up utils.nim by removing unnecessary functions.
Jakob Friedl
2025-08-21 17:08:46 +02:00
fbb08afe31
Implemented wrapper functions for logging and console output (info, error, success, ...).
Jakob Friedl
2025-08-21 17:02:50 +02:00
c9df7aba64
Improved logging format.
Jakob Friedl
2025-08-21 15:08:52 +02:00
f69adc53a2
Implemented initial version of logging system. Log formatting and content need to be reworked.
Jakob Friedl
2025-08-20 12:55:09 +02:00
24208f3b4b
Increased delay between listener restarts to deal with segfaults. Still no 100% fix.
Jakob Friedl
2025-08-19 21:37:29 +02:00
4a38f76331
Moved some compiler flags to nim.cfg.
Jakob Friedl
2025-08-19 21:00:52 +02:00
8fcb60f57c
Implemented replacing agent configuration instead of overwriting the full file.
Jakob Friedl
2025-08-19 20:58:47 +02:00
b023fca124
Implemented encryption for embedded profile.
Jakob Friedl
2025-08-19 20:03:34 +02:00
72fcb0d610
Refactor profile de/serialization, removing unnecessary overhead caused by TLV format.
Jakob Friedl
2025-08-19 14:34:58 +02:00
00a2eb40bf
Added data/[logs/loot] directories to GitHub
Jakob Friedl
2025-08-18 22:09:43 +02:00
84e8730b1e
Implemented profile embedding via patching a placeholder in the agent executable. Agent correctly deserializes and parses the profile and listener configuration.
Jakob Friedl
2025-08-18 22:05:23 +02:00
023a562be5
Implemented server output encoding for task retrieval.
Jakob Friedl
2025-08-17 17:01:50 +02:00
739faf781e
Added more randomization. The profile now supports setting keys to an array of strings, from which a random one is chosen each time (useful for e.g. the Host header, etc.).
Jakob Friedl
2025-08-17 16:27:48 +02:00
22c15dd82c
Added randomization to profile strings by replacing '#' with random alphanumerical chars.
Jakob Friedl
2025-08-15 16:18:15 +02:00
c7980d219d
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now.
Jakob Friedl
2025-08-15 15:42:57 +02:00
5a73c0f2f4
Improved working with profiles by adding helper retrieval functions.
Jakob Friedl
2025-08-14 19:33:32 +02:00
714360ef24
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers.
Jakob Friedl
2025-08-14 15:53:58 +02:00
e403ac1c07
Refactored utility functions to make them more readable and removed separate register endpoint.
Jakob Friedl
2025-08-14 12:25:06 +02:00
ee93445739
Refine profile structure.
Jakob Friedl
2025-08-13 21:42:58 +02:00
415cd7ebf8
Started implementing profile system.
Jakob Friedl
2025-08-13 19:32:51 +02:00
b7622dd72f
Updated C2 communication to hide heartbeat data in JWT token.
Jakob Friedl
2025-08-13 13:38:39 +02:00
0e205d34d3
Updated sequence number to uint32.
Jakob Friedl
2025-08-06 14:28:54 +02:00
ea00e67e80
Updated ps command output.
Jakob Friedl
2025-08-06 12:46:53 +02:00
dfcafa9c24
Implemented basic "ps" and "env" commands.
Jakob Friedl
2025-08-01 13:16:12 +02:00
0d54b3e64b
Cleaned up parts of the serialization by removing redundant code.
Jakob Friedl
2025-07-28 21:29:47 +02:00
882579b3cb
Implemented sequence tracking.
Jakob Friedl
2025-07-26 18:20:54 +02:00
a6039172b2
Updated README.md
Jakob Friedl
2025-07-25 16:51:18 +02:00
6979c3aa8b
Removed utility function.
Jakob Friedl
2025-07-25 16:47:45 +02:00
7bf135750c
Rework module system. Now modules/commands are defined in a single file each, with both the function executed by the agent and the definition for server-side argument parsing.
Jakob Friedl
2025-07-25 16:41:29 +02:00
ad31b90687
Added .gitkeep to data/keys directory.
Jakob Friedl
2025-07-24 22:37:30 +02:00
dcf6285a2a
Updated key management to create a new private key file if no existing one is found.
Jakob Friedl
2025-07-24 22:34:12 +02:00
3e9178ec34
Reworked key exchange, now using direct C imports from monocypher instead of nimble modules/libraries.
Jakob Friedl
2025-07-24 17:26:48 +02:00
b6c720ccca
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network.
Jakob Friedl
2025-07-24 15:31:46 +02:00
cf4e4a7017
Updated database to store session key (still unencrypted).
Jakob Friedl
2025-07-23 15:25:19 +02:00
cb16a9c571
Updated message flags.
Jakob Friedl
2025-07-23 13:56:43 +02:00
0f065f41a2
Implemented AES256-GCM encryption of all network packets. Requires some more refactoring to remove redundant code and make it cleaner.
Jakob Friedl
2025-07-23 13:47:37 +02:00
36719dd7f0
Changed variable names for clearer structure.
Jakob Friedl
2025-07-22 21:31:18 +02:00
725696ffa5
Implemented Heartbeat/Checkin request with agentId/listenerId in request body to simplify listener URLs.
Jakob Friedl
2025-07-22 21:00:39 +02:00
1a3724a2fd
Updated .gitignore with .gitkeep files to keep directory structure.
Jakob Friedl
2025-07-21 22:16:09 +02:00
581af47395
Merge commit '9f15026fd1f35346300f65bb6ef04ca023b62ee2'
Jakob Friedl
2025-07-21 22:13:37 +02:00
9f15026fd1
Implemented agent registration to match new binary structure instead of json.
Jakob Friedl
2025-07-21 22:07:25 +02:00
99f55cc04f
Implemented communication with custom binary structure instead of JSON requests.
Jakob Friedl
2025-07-19 16:49:27 +02:00
d22ad0bd0c
Agent fetches serialized task data from prologue web server and successfully parses it.
Jakob Friedl
2025-07-18 18:47:57 +02:00
5825ec91a1
Started rewriting JSON task to custom binary structure. Parsed and serialized task object into seq[byte].
Jakob Friedl
2025-07-18 14:24:07 +02:00
310ad82cc5
Updated README
Jakob Friedl
2025-07-16 14:48:21 +02:00
99b017f57f
Cleanup types.nim to only contain type definitions.
Jakob Friedl
2025-07-16 14:45:45 +02:00
292b947a4e
Split task functionality into multiple files.
Jakob Friedl
2025-07-16 12:32:01 +02:00
aae35ef59d
Updated directory structure.
Jakob Friedl
2025-07-16 10:33:13 +02:00
668a4984d1
Updated directory structure.
Jakob Friedl
2025-07-15 23:26:54 +02:00