C2 Profile parameters are currently stored within the executable in plaintext. This makes it trivial to pull agent configuration information out of the agent.
I should add obfuscation to c2 profiles that encrypt with a specified key (maybe make it part of execution guardrails a la DiscerningFinch, or use the default AESPSK generated by the profile).
I can either keep this decrypted in memory, or encrypt and decrypt it at will during sleep/run scenarios.
This likely should also be included as part of a larger obfuscation effort (at the very least renaming classes, methods, and other indicators).
The main points:
Encrypt/Obfuscate the default profile options within the agent (e.g. the callback URL)
Determine how the key used for encryption will be generated (e.g. how difficult do we want it to be to pull out the AESPSK?)
Add obfuscation to the underlying code using a tool such as ConfuserEx2 (maybe just in rename mode?)
Implement a more secure way to store the c2 config (e.g. encrypted embedded resource that gets deserialized into its appropriate struct?, egg hunting?)