Closed ryan7n closed 2 years ago
Thanks for the suggestion. Currently the agent's listening port can be disabled by turning off broadcast; the rest will be optimized in the future.
Now most of the indicators have been randomized, hope it solves this issue, at least partially
From v0.9.43, all files on disk are randomized; edit build.json to customize the randomized values (be careful not to break anything, since agents depend on those to communicate with C2 and each other).
From https://github.com/jm33-m0/emp3r0r/commit/dff671d74db6cf7b02f103900e7a5070b627b76f, you can use loader.so to load emp3r0r into any process, then execute it using a custom ELF interpreter, so no new process will be created; instead, emp3r0r runs inside an existing process such as sleep, bash.
Now most IOCs can be avoided by altering runtime config, except the unix socket (randomized as well).
Further protection will be provided by emp3r0r kernel module, closing for now.
The tool is very useful and feature-complete, thanks for open-sourcing such a good tool. The only shortcoming I feel is that there are too many indicators of compromise: there are several sock files, and it also listens on several ports. If these could be streamlined and optimized it would be perfect.