Violent Fungus is a command and control (C2) software suite, providing red teams with post-exploitation persistence and other juicy stuff.

Overview

Violent Fungus C2

Still working on this. It is nowhere near a complete functional program.

This project is written in C++ with Qt 5.

The website for this project is at https://sog.re/violentfungus-c2-project/ or https://violentfungus.com (both point to the same location).

Core Goals

  • Small binary size.
  • Lean on resources.
  • Able to run on smaller ARM boards with 512MB of RAM and potentially embedded devices.
  • Handle a large number of active agents.
  • Use Qt C++ as much as possible/appropriate.
  • Target GNU/Linux, NetBSD 9+, OpenBSD 6.9+, FreeBSD 13+, Microsoft Windows 10+ and Server 2016+, and Apple macOS 10.5+.
    • Architectures should be common ones, in particular x86, x86-64, ARM32, and ARM64.

Core Features

  • Support a large number of server services: HTTPS, DNS over UDP, FTP, SMB, ICMP, SMTP, raw TCP, and raw UDP, etc., shooting for more than anyone else.
  • Multi-user server and agents: multiple users can use the server and communicate with the same agents at the same time.
  • Plugin support: Unsure of the best way to implement this yet, but it would be nice if Python plugins were possible at the very least. Perhaps using Qt's signals/slots mechanism?!
  • Agent...
    • relaying: relay communications to the server via other agents and to agents via other agents (return path doesn’t have to be the same).
    • time/day schedules: only operate on certain days and times, such as work hours.
    • queues: queue multiple commands/requests.
    • multiple server service communications: optionally communicate over multiple server services if available (such as multiple DNS queries and then SMTP) within the same session.
    • communication playbooks: predefined communication ordering to emulate normal traffic.
  • Asymmetric and symmetric encryption: rotating keys, key expiration, and existing industry standards, for example AES for symmetric encryption and DSA for signatures. Perhaps ChaCha20 on ARM boards and older processors that don’t have AES instructions available?
  • Decoupled transmission, data chunking, and data modification: allowing for independence at each level, one-to-many relationships, and independent plugin support.
  • Server API: frontends can use the remote server API, allowing for a decoupled experience where user interfaces can be remote and in whatever format is needed.
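As an added example of the layering described above (data modification, chunking, and transport framing kept independent, with a receiver that copes with chunks arriving over several server services out of order): this is illustrative code written for this page, not Violent Fungus code, and it uses only the C++17 standard library rather than Qt so it builds anywhere. The rolling XOR transform, the 8-byte header layout, the session id 0xC0FFEE, the demo key, and the two pretend transports ("dns" and "smtp") are all assumptions for the demo; the transform is a placeholder and is not secure.

```cpp
// Added example, not Violent Fungus code: three independent layers
// (data modification -> chunking -> transport framing) plus a reassembler
// that tolerates out-of-order and duplicate delivery across transports.
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <map>
#include <optional>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

struct Chunk {
    uint32_t session;  // logical message this chunk belongs to
    uint16_t seq;      // 0-based index within the message
    uint16_t total;    // number of chunks in the message
    Bytes body;
};

// Layer 1, data modification. A hypothetical rolling XOR stands in for a
// real cipher so the sample runs offline; it is NOT secure and would be
// replaced by authenticated encryption in anything real.
Bytes xformApply(const Bytes& in, uint8_t key) {
    Bytes out(in.size());
    uint8_t k = key;
    for (size_t i = 0; i < in.size(); ++i) {
        out[i] = static_cast<uint8_t>(in[i] ^ k);
        k = static_cast<uint8_t>(k + 0x1f);
    }
    return out;
}
Bytes xformRemove(const Bytes& in, uint8_t key) { return xformApply(in, key); }  // XOR is its own inverse

// Layer 2, chunking. Knows nothing about the transport or the transform.
std::vector<Chunk> chunkMessage(uint32_t session, const Bytes& data, size_t maxBody) {
    std::vector<Chunk> out;
    size_t total = data.empty() ? 1 : (data.size() + maxBody - 1) / maxBody;
    for (size_t i = 0; i < total; ++i) {
        size_t begin = i * maxBody;
        size_t end = std::min(data.size(), begin + maxBody);
        out.push_back({session, static_cast<uint16_t>(i), static_cast<uint16_t>(total),
                       Bytes(data.begin() + begin, data.begin() + end)});
    }
    return out;
}

// Layer 3, framing: an assumed 8-byte big-endian header (session, seq, total)
// followed by the body. The same frame can ride any server service.
Bytes encodeChunk(const Chunk& c) {
    Bytes w;
    for (int s = 24; s >= 0; s -= 8) w.push_back(static_cast<uint8_t>(c.session >> s));
    w.push_back(static_cast<uint8_t>(c.seq >> 8));   w.push_back(static_cast<uint8_t>(c.seq));
    w.push_back(static_cast<uint8_t>(c.total >> 8)); w.push_back(static_cast<uint8_t>(c.total));
    w.insert(w.end(), c.body.begin(), c.body.end());
    return w;
}

std::optional<Chunk> decodeChunk(const Bytes& w) {
    if (w.size() < 8) return std::nullopt;  // truncated frame
    Chunk c;
    c.session = (uint32_t(w[0]) << 24) | (uint32_t(w[1]) << 16) | (uint32_t(w[2]) << 8) | w[3];
    c.seq   = static_cast<uint16_t>((w[4] << 8) | w[5]);
    c.total = static_cast<uint16_t>((w[6] << 8) | w[7]);
    if (c.total == 0 || c.seq >= c.total) return std::nullopt;  // malformed header
    c.body.assign(w.begin() + 8, w.end());
    return c;
}

// Receiver side: collects chunks per session from any transport, ignores
// duplicates, drops chunks whose metadata contradicts what was seen first,
// and hands back the complete message once every index is present.
class Reassembler {
public:
    std::optional<Bytes> accept(const Chunk& c) {
        if (c.total == 0 || c.seq >= c.total) return std::nullopt;
        State& st = sessions_[c.session];
        if (st.total == 0) st.total = c.total;
        else if (st.total != c.total) return std::nullopt;  // conflicting total: drop
        st.parts.emplace(c.seq, c.body);  // emplace keeps the first copy on duplicates
        if (st.parts.size() < st.total) return std::nullopt;
        Bytes out;
        for (const auto& [seq, body] : st.parts) out.insert(out.end(), body.begin(), body.end());
        sessions_.erase(c.session);
        return out;
    }
private:
    struct State { uint16_t total = 0; std::map<uint16_t, Bytes> parts; };
    std::map<uint32_t, State> sessions_;
};

// Constructed scenario: one tasking split over two pretend transports
// ("dns" and "smtp"), delivered out of order with one duplicate frame.
std::string roundTrip(const std::string& msg, size_t maxBody) {
    const uint8_t key = 0x5a;  // constructed demo key
    auto chunks = chunkMessage(0xC0FFEE, xformApply(Bytes(msg.begin(), msg.end()), key), maxBody);
    std::vector<Bytes> dns, smtp;
    for (size_t i = 0; i < chunks.size(); ++i) (i % 2 ? smtp : dns).push_back(encodeChunk(chunks[i]));
    std::vector<Bytes> arrived(smtp);                         // smtp batch lands first
    arrived.insert(arrived.end(), dns.rbegin(), dns.rend());  // dns answers come back reversed
    arrived.push_back(dns.front());                           // and one answer is retransmitted
    Reassembler r;
    for (const Bytes& frame : arrived) {
        auto c = decodeChunk(frame);
        if (!c) continue;  // a broken frame on one transport does not poison the session
        if (auto done = r.accept(*c)) {
            Bytes plain = xformRemove(*done, key);
            return std::string(plain.begin(), plain.end());
        }
    }
    return "";  // message never completed
}

int main() {
    std::cout << roundTrip("whoami; id; uname -a", 6) << "\n";
    return 0;
}
```

The point of the split is that each layer can be swapped without touching the others: a plugin could replace `xformApply` with a real cipher, another could change the framing to fit DNS label limits, and the reassembler would not care which transport a frame came in on. One caveat a practitioner would add in real use: the header here is unauthenticated, so a forged frame with a different `total` could stall or corrupt a session; the data-modification layer should cover the header as well as the body.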
Owner
Chris Humphries
I like to hack things.