💾 Archived View for dioskouroi.xyz › thread › 24998962 captured on 2020-11-07 at 00:50:09. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

Show HN: Oyabun – resilient C2 infrastructure for pentesters

Author: unrooted

Score: 13

Comments: 5

Date: 2020-11-05 15:20:27

Web Link

________________________________________________________________________________

max68 wrote at 2020-11-05 20:24:11:

What’s the benefit of this over an open source tool like Mythic, Covenant, or Sliver?

To me, it seems like evasion is the big plus, but how many people have actually REd this implant? If this tool became popular, I’m sure the Windows Defender team would be able to detect it. It seems like the benefit would be gone at scale.

I wonder if the implant is single or multi staged.

Seems like a neat project. Interested to see how it’ll compete with open source alternatives.

unrooted wrote at 2020-11-05 20:58:42:

* Implant is not static:

certain parts of it's code, such as sandbox detection methods, are embedded only if they are specified by the user

* optional usage of ngrok for communication

* possibility of a two-phase delivery via command stagers

* certificates for both implant and server are loaded from memory

* a great deal of post-exploitation modules, with descriptive names, most modules are multiplatform

* custom key-value communication protocol

* presence of sandbox-detection methods

New version (if the current one will sell) will include possibility to control up to 40 implants with enabled tunnel (and unlimited without it), and 6 new sandbox detection methods.

Also, if you buy our software, we'll provide you with free updates, because maybe, one day AV solutions will detect an implant, so we'll have to change something that will make implants invisible again.

We also plan to add different evasion modules, such as suspender of AV-specific processes.

unrooted wrote at 2020-11-05 15:20:27:

Oyabun - multiplatform, dynamically compiled C2 with tunneling capabilities.

Besides creating Oyabun, we've also created some other tools, which you can find here:

https://github.com/redcode-labs

mavam wrote at 2020-11-05 18:45:55:

It looks shiny. How does Oyabun compare to Cobalt Strike feature-wise?

unrooted wrote at 2020-11-05 21:08:20:

We do not know exactly what possibilities Cobalt offers. Can you tell us what functionalities you have in mind? If our tool lacks them, we'll think about adding them.

Also, seems like the pricing is _slightly_ different.