t3l3machus / Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Very important constructive suggestions #93

Closed Emmp7y closed 2 weeks ago

Emmp7y commented 1 year ago

First, when I was testing the Linux Python3 payload I constructed, my process and traffic signatures were all detected.


Even the commands I executed were all detected

Secondly, the command executed by the attacker will be displayed very obviously in the process list.

The administrator is not a fool; it is obvious that they will kill this process.


Finally, I want to give this project some suggestions.

Although the current version is slightly regrettable, I still sponsor this project and look forward to its update.

t3l3machus commented 1 year ago

@Emmp7y thank you for the constructive suggestions and your support. There is no claim for undetectable payloads currently in Villain. The default templates I've included that are used to generate payloads are mostly classic reverse shell scripts. I've made videos on how to edit and replace the payload templates with obfuscated versions or create new ones. Payloads that are FUD will not last in the (publicly available, free and open source) context. They will get flagged within weeks.

Villain's main role is to handle multiple shell sessions of types TCP socket and HoaxShell while sharing them among connected sibling servers. The direction I am currently working on is not towards supplying people with undetectable payloads but provide a stable and flexible platform for others to build upon.

Lastly, calling this version "regrettable" is not inspiring at all, but I sincerely thank you for your insights and suggestions, I will definitely take them into consideration.

ffsfwnuiaww commented 1 year ago


Sorry, the word "regrettable" came from Google Translate; I don't know its actual meaning.

Regarding signature detection, I used a Go program, compiled it and ran it, and it completely passed some EDR detection.


And some questions about its stability:


My understanding is that when it starts, it behaves like an nc listener.

However, there is a lot of internet-wide scanning and mapping. When other port scans and probes hit the listener, an abnormal client will come online.

My suggestion: you could decide whether a client is allowed to come online by requiring a request that carries a specified parameter.

Sorry, English is not my mother tongue. Everything comes from Google Translate.
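The point raised above (a raw listener registers whatever connects, so internet scanners and port probes show up as bogus sessions, and the fix is to gate registration on a parameter the real payload knows) can be illustrated with a small handshake check. This is an added example and not Villain's own code or the author's suggested implementation; the `HELLO <token>` line format, the HMAC-derived token, the pre-shared key, the timeout value and the helper names are all assumptions made for the illustration.

```python
"""Added example (not Villain's code): gate reverse-shell session
registration on a pre-shared token so scanner probes never become sessions.

Assumed protocol (invented for this example): the payload's very first
line on the TCP connection is b"HELLO <token>\n", where <token> is
HMAC-SHA256(key, listener_port) in hex. Anything else is dropped.
"""
import hmac
import socket
from typing import Optional

HANDSHAKE_TIMEOUT = 3.0  # assumed: probes that connect but never speak time out


def expected_token(session_key: bytes, listener_port: int) -> bytes:
    """Token the payload must present. Deriving it from a key and the port
    means the payload template carries no fixed string to signature on."""
    return hmac.new(session_key, str(listener_port).encode(), "sha256").hexdigest().encode()


def implant_hello(session_key: bytes, listener_port: int) -> bytes:
    """What the (assumed) payload sends first after connecting back."""
    return b"HELLO " + expected_token(session_key, listener_port) + b"\n"


def handshake_ok(first_line: bytes, session_key: bytes, listener_port: int) -> bool:
    """True only for 'HELLO <correct token>'; constant-time comparison."""
    parts = first_line.strip().split(b" ", 1)
    if len(parts) != 2 or parts[0] != b"HELLO":
        return False
    return hmac.compare_digest(parts[1], expected_token(session_key, listener_port))


def classify_client(conn: socket.socket, session_key: bytes, listener_port: int) -> str:
    """Read the client's first line (bounded, with a timeout) and decide.

    Returns 'session' (register it), 'rejected' (spoke, but not our payload,
    e.g. an HTTP probe) or 'silent' (connect-and-close scan or no data).
    """
    conn.settimeout(HANDSHAKE_TIMEOUT)
    data = b""
    try:
        while b"\n" not in data and len(data) < 256:
            chunk = conn.recv(256 - len(data))
            if not chunk:  # peer closed without completing a line
                break
            data += chunk
    except socket.timeout:
        return "silent"
    if not data:
        return "silent"
    return "session" if handshake_ok(data, session_key, listener_port) else "rejected"


def simulate(first_bytes: Optional[bytes], session_key: bytes, listener_port: int) -> str:
    """Drive classify_client with a constructed client over a socketpair,
    so the behaviour can be exercised offline without opening a port."""
    server_side, client_side = socket.socketpair()
    try:
        if first_bytes is not None:
            client_side.sendall(first_bytes)
        client_side.close()  # client is done talking either way
        return classify_client(server_side, session_key, listener_port)
    finally:
        server_side.close()


if __name__ == "__main__":
    key, port = b"constructed-demo-key", 4443  # constructed sample values
    cases = {
        "real payload": implant_hello(key, port),
        "http scanner": b"GET / HTTP/1.0\r\n\r\n",
        "wrong token": b"HELLO deadbeef\n",
        "connect-and-close": None,
    }
    for name, first in cases.items():
        print(f"{name:18} -> {simulate(first, key, port)}")
```

Only the `session` outcome would be handed to the session manager; `rejected` and `silent` connections are closed without ever appearing in the session list. The timeout and the 256-byte cap keep a scanner that opens many half-finished connections from pinning the handler thread or growing an unbounded buffer.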

ffsfwnuiaww commented 1 year ago


Um, this GitHub account is my other account, lol.