0x1 Posted October 12, 2019 Share Posted October 12, 2019 The Faction C2 Framework This is the hidden content, please Sign In or Sign Up Faction is a C2 framework for security professionals, providing an easy way to extend and interact with agents. It focuses on providing an easy, stable, and approachable platform for C2 communications through well documented REST and Socket.IO APIs. Instead of one large monolithic application, Faction is designed loosely around a micro services architecture. Functionality is split into separate services that communicate through message queues. This approach provides several advantages, most important of which is allowing users to quickly be able to learn how the system operates. You can watch a demo of Faction: Spoiler Presentation at Troopers 19 Spoiler Faction consists of four main services: Console: The Faction console is a javascript application that interacts with the Faction API. It can be accessed with any modern browser and serves as the operational entry point to the system. API: The API is the how users, agents, and anything else interacts with Faction. Core: The Core service handles all user and agent messaging, including processing user commands and handling encrypting/decrypting agent messages. Build Servers: Build Servers handle building payloads and modules. They are language specific, allowing Faction to be easily extended to support new languages. Currently Faction supports .NET payloads and modules. Concepts and Terminology Payload: A file or command that is run on a target machine to establish an agent Agent: An instance of an Agent Type that is registered and communicating with Faction. Agent Type: A kind of agent, for example Marauder Modules: Libraries that provide a Faction Agent with additional functionality in the form of commands or transport options. Transport: The combination of a Transport Server and Transport Module Transport Server: A server that sits between a payload/agent and the Faction API. It manipulates API messages so that they can be routed over different transmission methods or obfuscated (or both) Transport Module: A module that allows an agent to talk to a specific kind of Transport Server Download && More info This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts