Open a3sroot opened 2 years ago
In the current form of Internet attack, it is better to directly replace HTTP with WS, which is nothing more than adding a layer of TLS.
Yes, this will be a priority for us in v1.6; however, I'd point out the best approach is to already use a stager, which can be as small as a few hundred bytes.
At present, the volume of the binary files generated is relatively large. If you continue to add modules later, Sliver may be more like a tool set than a C2. Recently, I have also been studying some hot update schemes to reduce the volume of the binary. Although it can also be realized by using a loader, the volume problem still needs to be solved after all. 😔
On the server, you can edit some YAML to realize the contents of some planned tasks, such as regular execution, online execution and execution under certain conditions. The agent does not use net/http, but reports directly by pushing packets over net.Conn. 😋
Tip: characteristics of the Golang TLS JA3 fingerprint -> https://github.com/CUCyber/ja3transport