Villain is a high-level stage 0/1 C2 framework that can handle multiple reverse TCP and HoaxShell-based shells, enhance their functionality with additional features (commands, utilities), and share them among connected sibling servers (Villain instances running on different machines).
Awesome work Panagiotis! The latest Defender updates seem to block the payload (AMSI rules), even when encoded or obfuscated.
While using a kind of hoaxshell script (nc -l -p 9001 on the C2c host), MDefender with AMSI Cloud protection does not catch it, nor does the PaloAlto FW. Is this due to the persistence of the session?