loader functionality. Eldritch is able to execute common red team executable types: DLL, shellcode, .NET, and BOF. This is important to tie in with the existing OST ecosystem and is a high priority for adoption.
Better define and test how error messages are passed. Error message level (eldritch, golem/imix, network, c2) should be understood and, when able, communicated. Unclear error messages could cause users to give up on using the project.
Basic functionality. Eldritch should have feature parity with existing red team ansible playbooks and the peass-ng recon script. Reach goal: GScript feature parity. This will make Eldritch a minimal product that can be used for recon, and tie in with loading to execute additional, more fully featured payloads.
Long running jobs. Support eldritch tomes that might run for over 30 minutes (e.g. keylogging, log pulling, cron style persistence). This requires a few things:
Real-time tome output collection. Tome output must be read as it's printed instead of from a return variable since it may never return.
Task management. Eldritch needs some way to list and kill running tasks. If a task causes the OS to block a specific resource like a network port, the only way to reallocate that port is to kill the task.
X release - Pivoting:
Using known credentials. To support CCDC and basic red team ops, Eldritch should have some way to move from one host to another using known credentials (ssh, winrm, SMB). This should do file upload, download, and execute. Reach goal: having a simple workflow to allow eldritch users to copy the calling binary to the remote system, enabling a simple worm to be written in eldritch.
Network proxying. Enable some form of proxy connection from the user into the target environment. This will enable users to bring their own network-based tools (nmap, metasploit, proxychains).
Reach goals: Codify throwing exploits. In the current plan an exploit could be thrown over the proxy from a user's system. In order to better align with the project's goals there should be a codified way to launch an exploit. A naive approach to this could be:
the Eldritch function "throw_exploit('ms17-10', options={RHOST:127.0.0.1,RPORT:445})" is called.
Eldritch sets up a proxy or port forward (proxy might be better to simplify targeting logic).
the C2 managed metasploit connects to the proxy.
the C2 managed metasploit throws the exploit using the proxy.
the C2 returns any output and success / failure to the agent.
the agent closes the proxy and returns a value.
Y release - creating context:
eldritch typing - create strict return types for eldritch functions such as FileMetadata, Process, or NetworkInterface. Create an emit function to serialize and push them back to the c2. This will enable us to create unique UI views per type like a file explorer.
network mapping - using types, create tomes that enumerate nearby network devices and upstream devices, and create a graph visualization to better understand network foothold.
Turn 3rd party output into typed data - create templates to ingest the output of common tools like rubeus or mimikatz that parse the ASCII output into strict eldritch types.