Brute Ratel C4
Last updated
Alongside the default HTTPS connections, Badger's DNS over HTTPS lets newly bought domains be used without the need for domain fronting or a redirector, while still providing a backup option to switch to other HTTPS profiles on the fly.
The SMB and TCP badgers provide the functionality to write custom External C2 channels over legitimate websites such as Slack, Discord, Microsoft Teams and more.
Badger provides various process injection capabilities and an option to switch between WinAPI, NTAPI and syscalls on the fly.
Badger provides various techniques to hunt EDR userland hooks and DLLs, and to avoid triggering them using various syscall obfuscation and debugging techniques.
Brute Ratel features a seamlessly integrated MITRE graph for all built-in commands, providing a user-friendly interface for Adversary Simulation activities.
LDAP Sentinel provides a rich GUI for running various LDAP queries against a domain or a forest. Whether you want to run SPN queries for a specific user or query large group objects, all of it can be done effortlessly using prebuilt queries.
Badger provides multiple pivot options such as SMB, TCP, WMI, WinRM and managing remote services over RPC.
Use existing Brute Ratel modules or build your own using in-memory execution of C# assemblies, BOFs, PowerShell scripts or reflective DLLs, and automate the execution of commands using the Click Script feature.
Feature                                        | Column 1 | Column 2 | Column 3
-----------------------------------------------|----------|----------|---------
Indirect System Calls                          | Yes      | Yes      | Yes
Hide Shellcode Sections in Memory              | Yes      | Yes      | Yes
Multiple Sleep Masking Techniques              | Yes      | No       | No
Unhook EDR Userland Hooks and DLLs             | Yes      | No       | No
Unhook DLL Load Notifications                  | Yes      | No       | No
LoadLibrary Proxy for ETW Evasion              | Yes      | No       | No
Thread Stack Encryption                        | Yes      | Yes      | Yes
Badger Heap Encryption                         | Yes      | Yes      | Yes
Masquerade Thread Stack Frame                  | Yes      | Yes      | Yes
Hardware Breakpoint for AMSI/ETW Evasion       | Yes      | Yes      | Yes
Reuse Virtual Memory for ETW Evasion           | Yes      | Yes      | Yes
Reuse Existing Libraries from PEB              | Yes      | Yes      | Yes
Secure Free Badger Heap for Volatility Evasion | Yes      | Yes      | Yes
Advanced Module Stomping with PEB Hooking      | Yes      | Yes      | Yes
In-Memory PE and RDLL Execution                | Yes      | Yes      | Yes
In-Memory BOF Execution                        | Yes      | Yes      | Yes
In-Memory .NET Execution                       | Yes      | Yes      | Yes
Network Malleability                           | Yes      | Yes      | Yes
Built-In Anti-Debug Features                   | Yes      | Yes      | Yes
Module Stomping for BOF/Memexec                | Yes      | Yes      | Yes
Dark Vortex provides various training courses related to information security. For the standard list of training programs, visit Dark Vortex, or feel free to reach us at chetan@bruteratel.com