Article Excerpt
This tool is for educational purposes only.
| property | value |
|---|---|
| tags | c2,defensive-tradecraft,github-repo,sliver-c2,tradecraft-tool |
| url | |
| original_word_count | 134 |
Long Summary
RogueSliver is a suite of tools designed to disrupt adversary campaigns that use the Sliver C2 framework. It is intended for educational purposes only and is covered in depth on ACEResponder.com. The suite includes ExtractCerts.py, BeaconFlood.py, and HijackBeacon.py.
ExtractCerts.py extracts the mTLS certificates and private keys from a minidump of an infected process, along with the implant ID and the mTLS endpoints the implant calls back to. BeaconFlood.py floods a Sliver C2 server with beacon and session registrations; it requires valid mTLS certificates, such as those recovered with ExtractCerts.py. HijackBeacon.py hijacks a beacon given a valid implant ID and certificates: it can log the attacker's requests and send them memes, and it can also register a new false beacon with only an mTLS certificate.
Installation is done by running "python -m pip install -r requirements.txt". ExtractCerts.py is run against a dump file with "./ExtractCerts.py sliver.DMP". BeaconFlood.py takes the C2 host and port: "./BeaconFlood.py 127.0.0.1 8888". HijackBeacon.py takes the implant ID, the C2 host and port, and a flag such as "-r": "./HijackBeacon.py 2aa18069-652a-4484-8ebe-abae87ebc73e 127.0.0.1 8888 -r".
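The certificate-recovery step above works because the material has to exist somewhere in the implant's memory. As an added example that is not RogueSliver's code and not the logic of its ExtractCerts.py, the Python below carves PEM blocks, a UUID-shaped implant ID and mtls://host:port endpoints out of a dump buffer. It assumes (for illustration) that the implant keeps its certificates and key as PEM text, its ID as a UUID string and its C2 address as an mtls:// URL; the sample dump is constructed inline and is not a real minidump.

```python
"""Carve mTLS PEM material, implant IDs and mtls:// endpoints from a memory dump.

Added example, not RogueSliver's own code. Assumptions: the implant holds its
certificates/key as PEM text, its ID as a UUID string and its C2 endpoint as an
mtls://host:port URL somewhere in memory. The sample dump below is constructed.
"""
import base64
import binascii
import re
import uuid

# PEM block: BEGIN/END labels must match; body restricted to the base64 alphabet.
PEM_RE = re.compile(
    rb"-----BEGIN (?P<label>[A-Z ]+)-----\r?\n"
    rb"(?P<body>[A-Za-z0-9+/=\r\n]+?)"
    rb"-----END (?P=label)-----"
)
UUID_RE = re.compile(
    rb"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.IGNORECASE
)
MTLS_RE = re.compile(rb"mtls://(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})")


def carve_pem_blocks(data: bytes):
    """Return (label, pem_text, der_bytes) for every PEM block whose base64 body decodes."""
    found = []
    for m in PEM_RE.finditer(data):
        body = m.group("body").replace(b"\r", b"").replace(b"\n", b"")
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error:
            continue  # truncated or corrupted block in the dump: skip, don't crash
        if der:
            found.append((m.group("label").decode(), m.group(0).decode(), der))
    return found


def find_implant_ids(data: bytes):
    """Return unique UUID strings (lower-cased) that parse as RFC 4122 UUIDs."""
    ids = []
    for m in UUID_RE.finditer(data):
        candidate = m.group(0).decode().lower()
        try:
            uuid.UUID(candidate)
        except ValueError:
            continue
        if candidate not in ids:
            ids.append(candidate)
    return ids


def find_mtls_endpoints(data: bytes):
    """Return unique host:port strings from mtls:// URLs with a valid port."""
    endpoints = []
    for m in MTLS_RE.finditer(data):
        port = int(m.group("port"))
        if not 1 <= port <= 65535:
            continue
        ep = f"{m.group('host').decode()}:{port}"
        if ep not in endpoints:
            endpoints.append(ep)
    return endpoints


def extract_artifacts(data: bytes):
    """Split carved PEM blocks into certificates and private keys; add IDs and endpoints."""
    blocks = carve_pem_blocks(data)
    return {
        "certificates": [pem for label, pem, _ in blocks if "PRIVATE KEY" not in label],
        "private_keys": [pem for label, pem, _ in blocks if "PRIVATE KEY" in label],
        "implant_ids": find_implant_ids(data),
        "mtls_endpoints": find_mtls_endpoints(data),
    }


def build_sample_dump() -> bytes:
    """Constructed stand-in for a process dump; the DER payloads are placeholders, not real keys."""
    def pem(label: bytes, payload: bytes) -> bytes:
        b64 = base64.b64encode(payload)
        lines = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        return b"-----BEGIN " + label + b"-----\n" + lines + b"\n-----END " + label + b"-----\n"

    return (
        b"MDMP" + bytes(32) + b"\x90" * 16
        + pem(b"CERTIFICATE", b"placeholder-ca-certificate-der-bytes")
        + b"\x00" * 7
        + pem(b"CERTIFICATE", b"placeholder-implant-certificate-der-bytes")
        + pem(b"EC PRIVATE KEY", b"placeholder-implant-private-key-der-bytes")
        + b"\x00\x00mtls://127.0.0.1:8888\x00"
        # corrupted block: base64 alphabet but an invalid length, so it is skipped
        + b"-----BEGIN CERTIFICATE-----\nAAAAAAA\n-----END CERTIFICATE-----\n"
        + b"\x002aa18069-652a-4484-8ebe-abae87ebc73e\x00"
    )


if __name__ == "__main__":
    arts = extract_artifacts(build_sample_dump())
    print(len(arts["certificates"]), "cert(s),", len(arts["private_keys"]), "key(s)")
    print("implant IDs:", arts["implant_ids"])
    print("mTLS endpoints:", arts["mtls_endpoints"])
```

On a real minidump the captured memory regions are stored as raw bytes inside the file, so a whole-file scan like this is a reasonable first pass; walking the memory-list stream would give region attribution. Treat any carved private key as sensitive evidence and restrict where it is written.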
In short, RogueSliver is a suite of tools for disrupting campaigns that use the Sliver C2 framework. ExtractCerts.py recovers mTLS certificates and private keys from a process dump, BeaconFlood.py floods a Sliver C2 server with beacon and session registrations, and HijackBeacon.py hijacks a beacon given a valid implant ID and certificates. Installation is done with "python -m pip install -r requirements.txt", and the invocation for each tool is given above. The suite is for educational purposes only and is covered in depth on ACEResponder.com.
Short Summary
ACE-Responder/RogueSliver
- This tool is for educational purposes only.
- RogueSliver disrupts campaigns that use the Sliver C2 framework.
- It includes the ExtractCerts.py, BeaconFlood.py, and HijackBeacon.py tools.
- ExtractCerts.py extracts mTLS certificates, private keys, the implant ID, and mTLS endpoints.
- BeaconFlood.py floods the Sliver C2 server with beacon and session registrations.
- HijackBeacon.py hijacks a beacon with a valid implant ID and certificates.
- A hijacked beacon can log the attacker's requests and send memes, or a false beacon can be created.
- Installation is done by running the command "python -m pip install -r requirements.txt".
- ExtractCerts.py is used with the command "./ExtractCerts.py sliver.DMP".
- BeaconFlood.py is used with the command "./BeaconFlood.py 127.0.0.1 8888".
- HijackBeacon.py is used with the command "./HijackBeacon.py 2aa18069-652a-4484-8ebe-abae87ebc73e 127.0.0.1 8888 -r".
source link: https://github.com/ACE-Responder/RogueSliver
summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/ace-responderroguesliver
#RogueSliver #SliverC2 #DisruptCampaigns #MTLSCertificates #EducationalTool