DIY C2 - Malleable Agent Config

Рет қаралды 31,243

IppSec

Күн бұрын

Пікірлер: 39

@Nikolas-mq8bp 2 жыл бұрын

I always watch the videos, but I never comment, that type of video is gold! Please continue!

@ippsec 2 жыл бұрын

Thanks for the comment!

@gokul6120 2 жыл бұрын

Absolutely... Conceptual.. 👍👍👍👍

@ns-yz1hj 2 жыл бұрын

Awesome video! The way you explain things is interesting and easy to understand. It's sometimes hard to find content that talks about more advanced concepts. You can find a million videos and articles on "how to make a meterpreter backdoor" but your videos are in depth.

@TheBrowserPirates 2 жыл бұрын

This is pure gold content, thanks for making these kind of videos

@wkppp4732 2 жыл бұрын

Back to back ippsec vid! Nice. Thanks for the vid ipp!

@jeffstanley2972 2 жыл бұрын

Cool video! I’ve been working with my company to try and implement C2 infrastructure using MQTT.

@rara4 2 жыл бұрын

Very interesting video, the quality never ceases to amaze me

@playmaker1011 2 жыл бұрын

Thanks a lot IppSec, awesome content!🔥🔥🔥

@Pernat1y 2 жыл бұрын

I recently tried to patch binary files using Python, so the video is really useful. Thanks :)

@chai116 2 жыл бұрын

2 problems with the decrypt function in the agent: should be modulo 256, otherwise both 0 and 0xff become 0. And it's currently impossible to encrypt the character Q because that will xor into a zero byte and stop the decrypt early. Maybe encode a length field at the start of the string so you know how far to decrypt? Or just decrypt the whole 2000 everytime?

@amieemaya9472 2 жыл бұрын

Liking without seeing the video first!!!

@emilsrbrden2987 2 жыл бұрын

Yes! Great job, looking forward to more

@surenavdalyan6036 2 жыл бұрын

Ippsec Rocks!!!!!!!!!!

@fowzmasood23 2 жыл бұрын

Bestttttttttt. Ippsec Rocks 👌👌👌🔥🔥🔥😍😍😍

@krisztiankovacs5221 2 жыл бұрын

Thanks for the video man! Hope you'll stick with the idea and make more reverse engineering/DIY low level coding! Much obliged!

@deansmith5007 2 жыл бұрын

Whoop whoop

@deansmith5007 2 жыл бұрын

1st comment

@oscare2676 2 жыл бұрын

A simpler way to loop through the config string in your xor function would be using a while loop, this way you can loop through the string until it hit the null terminator and doesn't require you to add the 0xFF byte and overcomplicate it. Also to add there is no need to modulus the XOR'd character as it is impossible for it to go over 0xFF. while( char c = *encString++) decString += ( c ^ key );

@ippsec 2 жыл бұрын

Yeah the downside is the xor can create the null that you want. The snippet is mostly from another piece of code but I removed the multibyte key and detection. For this your method is probably better, and I want to say I chose this way purposely but in reality I was just pulling from some previous code of mine, then making it less dangerous

@cybersecurity3523 2 жыл бұрын

Good job bro

@varunkumar6223 2 жыл бұрын

char str[2000] is same as const std::string str(2000); at the core both are arrays

@maoropizzagalli4153 2 жыл бұрын

Great video series concept I love it ! I am a vim lover don't get me wrong but it would be way easier in codium or something

@hellsing0999999999 2 жыл бұрын

Heymen! I'm trying to learn to code but just wanted to let you know, your voice is really, REALLY similar to another youtuber called ChainBrain, a rocksmith streamer lol.

@zuiokopl2256 2 жыл бұрын

Whats happening in this video?

@xdgtwjk23_rtfd 2 жыл бұрын

Would I be right if I think this is inspired from the recent C2 drama on Twitter?

@ippsec 2 жыл бұрын

If you go through my tweets even before the drama, I've been pretty vocal over my dislike of the "pay for opsec" companies (ex: twitter.com/ippsec/status/1378521632814288904). This is trying to provide help to the people on the receiving end of that software.

@satanicdominion666 2 жыл бұрын

this could be an interesting thing to turn into options rather than configs lol

@thev01d12 2 жыл бұрын

I tried googling for some resources to develop c2 but couldn't find anything, anyone have any resources to learn the fundamentals about these things so i could get started

@theseenandunseen 2 жыл бұрын

Could you please reference the fork you mention at 2:48? Looks very familiar. Thanks.

@ippsec 2 жыл бұрын

I was just saying the base webapp theme came from a SilentBreakSecurity course, by fork I meant its just my private copy that I continued playing with after the course. It was an extremely basic stage1, I redid the agent but haven't got a chance to redoing the website because I hate creating gui's/websites. If I remember correctly, I added the malleable config/file hosting and changed how module loading operates. The agent was a complete redesign to better evade AV/EDR.

@theseenandunseen 2 жыл бұрын

@@ippsec I see. Well, I hate creating gui's as well. Thank you for your input. Keep up the great work

@stock99 2 жыл бұрын

can this be rewritten in different language such as python or js and achieving the similar result?

@BLACK10GHOST 2 жыл бұрын

I just like this shit!

@N4dirCh 2 жыл бұрын

Sunday Live Night

@devotee9606 2 жыл бұрын

does c2 means Command and control server?

@ippsec 2 жыл бұрын

Yes

@mohameai5997 2 жыл бұрын

0 dislikes 👌

@alessandrodegregori4525 2 жыл бұрын

When I will take the OSCP exam, I will write "PleaseSubscribe" everywhere! and I will use as payload "echo \"Thank You for subscribing to ippsec channel and leave a comment\""