sneaky-creeper
Beaconing Behavior
We should introduce some parameters and configuration around sneaky-creeper's behavior when it comes to reaching out into the Internet.
TODO:
- [ ] Obey rate limits
- [ ] Enhance rate limit specifications already in the code so that the rate limits can be specified more accurately, whether they're daily, hourly, every 15 minutes, etc.
- [ ] Allow for specifying sleep time between beacons
- [ ] Allow for specifying skew/randomness into beaconing to avoid obvious frequency-domain spikes.
A great example to aspire to a subset of is Cobalt Strike's malleable C2.
I'd only say that "sleep time between beacons" and "skew/randomness" should not be enforced by our library but by the 3rd-party tool (in our case, the screep example program), since sneaky-creeper is a library now.
I was thinking about the rate limits yesterday while working on the other issues. I'll try to take a look.
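For defenders reading this thread: the "frequency-domain spikes" item refers to the timing regularity that network monitoring looks for in outbound connections. The following is an added example, not code from sneaky-creeper or from anyone in this thread, that scores per-host connection timing with a median-based statistic; the log format, addresses, thresholds and function names are assumptions made for illustration.

```python
"""Score outbound connection logs for beacon-like regularity (added example)."""
from collections import defaultdict
from itertools import accumulate
from statistics import median

MIN_EVENTS = 10        # assumption: too few connections say nothing about timing
SCORE_THRESHOLD = 0.8  # assumption: tune against your own baseline traffic


def beacon_score(timestamps):
    """Return 0..1, where 1.0 means perfectly regular inter-arrival times."""
    ts = sorted(timestamps)
    if len(ts) < MIN_EVENTS:
        return 0.0
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mid = median(gaps)
    if mid <= 0:
        return 0.0
    # Median absolute deviation tolerates skew and a few missed check-ins.
    mad = median(abs(g - mid) for g in gaps)
    return max(0.0, 1.0 - mad / mid)


def score_log(lines):
    """Group 'epoch src dst' lines per (src, dst) pair and score each pair."""
    by_pair = defaultdict(list)
    for line in lines:
        epoch, src, dst = line.split()
        by_pair[(src, dst)].append(float(epoch))
    return {pair: beacon_score(ts) for pair, ts in by_pair.items()}


def flagged(scores):
    """Pairs whose timing is regular enough to deserve an analyst's look."""
    return sorted(p for p, s in scores.items() if s >= SCORE_THRESHOLD)


def _lines(src, dst, gaps):
    """Build constructed log lines from a list of gaps in seconds."""
    return [f"{t} {src} {dst}" for t in accumulate([0] + gaps)]


# Constructed sample data (documentation-range addresses, not real traffic).
FIXED = [60] * 20
SKEWED = [52, 66, 58, 71, 49, 63, 60, 55, 68, 57,
          64, 50, 70, 61, 59, 54, 67, 62, 56, 65]
BROWSING = [2, 1, 340, 5, 3, 1, 900, 12, 2, 45,
            1, 1, 610, 8, 3, 2, 1500, 4, 1, 30]
SAMPLE_LOG = (_lines("10.0.0.5", "198.51.100.7", FIXED)
              + _lines("10.0.0.6", "198.51.100.7", SKEWED)
              + _lines("10.0.0.7", "203.0.113.9", BROWSING))
```

On the constructed data, the fixed 60-second series and the skewed series both score above the threshold, while the bursty browsing-style series does not.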