Search the Community

The Faction C2 Framework Faction is a C2 framework for security professionals, providing an easy way to extend and interact with agents. It focuses on providing an easy, stable, and approachable platform for C2 communications through well documented REST and Socket.IO APIs. Instead of one large monolithic application, Faction is designed loosely around a micro services architecture. Functionality is split into separate services that communicate through message queues. This approach provides several advantages, most important of which is allowing users to quickly be able to learn how the system operates. You can watch a demo of Faction: Presentation at Troopers 19 Faction consists of four main services: Console: The Faction console is a javascript application that interacts with the Faction API. It can be accessed with any modern browser and serves as the operational entry point to the system. API: The API is the how users, agents, and anything else interacts with Faction. Core: The Core service handles all user and agent messaging, including processing user commands and handling encrypting/decrypting agent messages. Build Servers: Build Servers handle building payloads and modules. They are language specific, allowing Faction to be easily extended to support new languages. Currently Faction supports .NET payloads and modules. Concepts and Terminology Payload: A file or command that is run on a target machine to establish an agent Agent: An instance of an Agent Type that is registered and communicating with Faction. Agent Type: A kind of agent, for example Marauder Modules: Libraries that provide a Faction Agent with additional functionality in the form of commands or transport options. Transport: The combination of a Transport Server and Transport Module Transport Server: A server that sits between a payload/agent and the Faction API. It manipulates API messages so that they can be routed over different transmission methods or obfuscated (or both) Transport Module: A module that allows an agent to talk to a specific kind of Transport Server Download && More info [Hidden Content]