jonlmyers / ccdc_redteam Goto Github PK

I noticed that our RAT is easily detected with netstat. We are going to persist this connection in a rather loud manner until we can get a rootkit to obfuscate the connection in netstat. This persistor will spawn 3 process that are reflectively migrated into 2 different critical processes. These boys will look out for their RAT friend and if he is destroyed the re-spawn him.

We need to find a way to hide our connections from netstat. Fuck netstat.

New-Item -path $profile -type file –force

Inside of the profile add
New-Alias netstat Get-Help New-Alias Get-Service Get-Help New-Alias Get-EvenLog Get-Help

So while trying to send my malware over to Windows 2016 I found out Windows Defender hates me.

I began my journey of becoming a Red Team master by first learning the basic processes. While venturing down this path I discovered that mass dropping malware is a pain in the ass without a tool. This dropper will need to be used on both Linux and Windows with preferably minimal dependencies. The idea that I am currently working with is a staging server which reads a JSON config file filled with the server information. After that the server will send the dropper to each client and run the executable. After the drop hits we need to clean it up with some form of self/dropped destruction.