Volume optimization of implant

Open a3sroot opened this issue 2 years ago • 2 comments

  • At present, the volume of the generated binary files is relatively large. If you continue to add modules later, sliver may be more like a tool set than a C2. Recently, I have also been studying some hot update schemes to reduce the volume of the binary. Although it can also be realized by using a loader, the volume problem still needs to be solved after all. 😔

  • On the server, you can edit some YAML to realize the contents of some planned tasks, such as regular execution, online execution and execution under certain conditions. The agent does not use net/http, but reports by pushing packets directly to net.Conn. 😋

tip: Characteristics of golang TLS ja3 fingerprint -> https://github.com/CUCyber/ja3transport

a3sroot, Jan 08 '22 10:01

In the current form of Internet attack, it is better to directly replace HTTP with WS, which is nothing more than adding a layer of TLS.

a3sroot, Jan 08 '22 10:01

Yes, this will be a priority for us in v1.6; however, I'd point out the best approach is to already use a stager, which can be as small as a few hundred bytes.

moloch--, Jan 08 '22 14:01