Ronan Kervella

Results 217 comments of Ronan Kervella

If I understand correctly, what you could do is
```
implant A ------ mtls via TCP pivot ------> implant B ------ mtls over Wireguard -----> sliver-server
```
Or even use...

In my proposed scenario, it would not. I need to merge the socks PR so we can have socks support on the other transports (mTLS, DNS and HTTP(S)). As of...

I'd love to see an implementation of this in Go. I'm currently using https://github.com/binject/universal to load dylibs, but there are still issues I need to sort out as most of the...

Yes, I mean we can load MachO, that's not the issue. The issue is keeping the implant alive. Memory allocated on the heap by the loaded dylibs is garbage collected...

> Disabling GC for the entire process is not a tenable solution.

Agreed with @moloch--, I'd like to find a solution that doesn't rely on these quirks if possible....

Made some progress on the MacOS front by fixing universal's behavior for MacOS 12 and up, thanks to @usiegl00's PR to metasploit. Once [this PR](https://github.com/Binject/universal/pull/6) is merged, we'll be...

Sounds like a regression. I've tested implant reconnect before merging, but obviously not on a 24h time frame. I'll try to look into it.

Alright, looks like this is the culprit: https://github.com/WireGuard/wireguard-go/blob/355fed440bd066b8aa32e63e04c7f92e7a097d88/device/timers.go#L77-L109
`MaxTimerHandshakes` defaults to `90/5`: https://github.com/WireGuard/wireguard-go/blob/d4112d9096f4bdd68f1a109bb12df82f5f4ca5a0/device/constants.go#L20
I'm trying to reproduce locally, but so far the implant hasn't stopped retrying to connect.

Yes I am. I fucked up my lab this week so I need to fix that first to get a VM for the implant to run continuously. My test environment...

I ran the test last weekend and the implant tried to reconnect (both the wg transport and the underlying mtls connection) for the expected duration. Thing is it reached...