Open-source remote access / C&C tools
https://github.com/alphaSeclab/awesome-rat/blob/master/Readme.md
RAT
Contents
Open-source tools
pupy
Tools
- [5265 stars][1m] [Py] n1nj4sec/pupy Remote-control and post-exploitation tool written in Python, cross-platform (Windows, Linux, OSX, Android)
Articles
Covenant
Tools
- [1147 stars][6d] [C#] cobbr/covenant Covenant is a collaborative .NET C2 framework for red teamers.
- [95 stars][9d] [C#] cobbr/elite Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
- [31 stars][4m] [C#] cobbr/c2bridge C2Bridges allow developers to create new custom communication protocols and quickly utilize them within Covenant.
Articles
Slackor
Tools
Articles
QuasarRAT
Tools
Articles
EvilOSX
Tools
- [1376 stars][2y] [Py] marten4n6/evilosx An evil RAT (Remote Administration Tool) for macOS / OS X.
Articles
Merlin
Tools
- [2568 stars][6m] [Go] ne0nd0g/merlin Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Articles
Commercial software
Team Viewer
Tools
Articles
Malware (partial)
Gh0st
Tools
Articles
NanoCore
Tools
Articles
NjRat
Tools
Articles
Revenge RAT
Tools
Articles
PlugX
Tools
Articles
RemcosRAT
L0rdixRAT
LodaRAT
GulfRAT
NetWireRAT
JhoneRAT
Dacls
BlackRemote
Orcus
NukeSped
DarkComet
WarZone RAT
BlackShades
DenesRAT
WSH RAT
Qrypter RAT
Adwind
CannibalRAT
jRAT
jsRAT
CrossRat
ArmaRat
RokRAT
CatKARAT
TheFatRat
OmniRAT
LuminosityLink
Other
- 2020.02 [proofpoint] Proofpoint Q4 2019 Threat Report and Year in Review — The Year of the RAT Ends with More of the Same
- 2020.01 [sentinelone] CISO Essentials | How Remote Access Trojans Affect the Enterprise
- 2020.01 [TheCyberWire] RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet...
- 2020.01 [freebuf] Analysis report on a remote-control trojan implanted inside a valid digital certificate
- 2020.01 [rambus] Cable Haunt vulnerability can give hackers remote access to approximately 200 million cable modems
- 2020.01 [proofpoint] Threat Insight 2019 in Review: Year of the RAT
- 2019.12 [ptsecurity] Turkish tricks with worms, RATs… and a freelancer
- 2019.12 [infosecinstitute] Malware spotlight: What is a Remote Access Trojan (RAT)?
- 2019.12 [UltraHacks] Dark Shades Android RAT | Ultra Hacks
- 2019.11 [broadanalysis] Fallout Exploit Kit delivers suspect Remote Access Trojan (RAT)
- 2019.11 [carbonblack] Threat Analysis Unit (TAU) Threat Intelligence Notification: AsyncRAT
- 2019.11 [proofpoint] Proofpoint Q3 2019 Threat Report — Emotet’s return, RATs reign supreme, and more
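- 2019.10 [tencent] KuaiGoMiner controls tens of thousands of computers for mining and drops a remote-control trojan to steal secrets
- 2019.10 [4hou] KuaiGoMiner controls tens of thousands of computers for mining and drops a remote-control trojan to steal secrets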
- 2019.10 [proofpoint] TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
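- 2019.10 [tencent] “Moonlight” worm threatens university networks; infected computers are remotely controlled
- 2019.10 [4hou] “Moonlight” worm threatens university networks; infected computers are remotely controlled
- 2019.10 [freebuf] A counter-espionage journey: analysis of the first Android remote-control trojan tool
- 2019.09 [4hou] Malware gang uses the phpStudy RCE vulnerability to compromise hosts in bulk and delivers four remote-control trojans
- 2019.09 [aliyun] Using BadUSB to remotely control users with a trojan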
- 2019.09 [sensecy] ARABIC-SPEAKING THREAT ACTOR RECYCLES THE SOURCE CODE OF POPULAR RAT SPYNOTE AND SELLS IT IN THE DARK WEB, AS NEW
- 2019.08 [securelist] Fully equipped Spying Android RAT from Brazil: BRATA
- 2019.08 [talosintelligence] RAT Ratatouille: Backdooring PCs with leaked RATs
- 2019.08 [malware] 2019-08-26 - DATA DUMP: SOCGHOLISH CAMPAIGN PUSHES NETSUPPORT RAT
- 2019.08 [fortinet] Fake Indian Income Tax Calculator Delivers xRAT Variant
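- 2019.07 [tencent] The “trade letter” family is active again: phishing emails spread the commercial remote-control trojan RevetRAT
- 2019.07 [freebuf] What you should know about remote-control trojans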
- 2019.07 [trendmicro] Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
- 2019.07 [freebuf] APT34 core component Glimpse: reproducing the remote control and analyzing its traffic
- 2019.07 [d] Red Team Diary, Entry #1: Making NSA’s PeddleCheap RAT Invisible
- 2019.07 [yoroi] Spotting RATs: Tales from a Criminal Attack
- 2019.07 [cybersecpolitics] Book Review: Delusions of Intelligence, R.A. RATCLIFF
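- 2019.07 [4hou] Exploring trojan evolution trends: a cross-version analysis of APT32's remote-control trojan Ratsnif
- 2019.07 [4hou] A brief discussion of remote-control trojans
- 2019.07 [freebuf] Delivering a malicious LNK that uses JwsclTerminalServer for remote control and information gathering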
- 2019.07 [securityintelligence] Taking Over the Overlay: What Triggers the AVLay Remote Access Trojan (RAT)?
- 2019.07 [securityintelligence] Taking Over the Overlay: Reverse Engineering a Brazilian Remote Access Trojan (RAT)
- 2019.07 [talosintelligence] RATs and stealers rush through “Heaven’s Gate” with new loader
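- 2019.06 [4hou] Beware the H-worm worm disguised as movie sample clips for phishing; carelessly opening the attachment installs a remote-control trojan
- 2019.06 [nightst0rm] How did I take control of so many websites?
- 2019.06 [4hou] TA505 uses HTML, RATs and other techniques in its latest campaigns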
- 2019.06 [trendmicro] Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
- 2019.05 [4hou] Babylon RAT raises malware multitasking capability
- 2019.05 [360] Notes on a spam campaign that used XLM macros to deliver a remote-control tool
- 2019.05 [arxiv] [1905.07273] Finding Rats in Cats: Detecting Stealthy Attacks using Group Anomaly Detection
- 2019.05 [freebuf] Hands-on with Ares, a Python-based browser/server (B/S) remote-control tool
- 2019.05 [4hou] C&C remote-control tools: WebSocket C2
- 2019.04 [paloaltonetworks] BabyShark Malware Part Two – Attacks Continue Using KimJongRAT
- 2019.04 [freebuf] How I tracked down the person behind a remote-control trojan
- 2019.04 [4hou] C&C remote-control tools: Ares
- 2019.04 [krebsonsecurity] Who’s Behind the RevCode WebMonitor RAT?
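- 2019.04 [freebuf] Analysis of a Monero mining & remote-control trojan sample
- 2019.04 [4hou] Analysis of a Monero mining + remote-control trojan sample
- 2019.04 [4hou] LimeRAT spreads in the wild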
- 2019.04 [yoroi] LimeRAT spreads in the wild
- 2019.04 [alexander] Week 6 Cyberattack Digest 2019 – ExileRAT trojan, Eskom Group, and others
- 2019.03 [360] Trojan author voluntarily submits the Tatoo remote-control backdoor
- 2019.03 [flashpoint] FIN7 Revisited: Inside Astra Panel and SQLRat Malware
- 2019.03 [tencent] Mining trojan brute-forces SQL servers; compromise can lead to remote control of the server
- 2019.03 [paloaltonetworks] Cardinal RAT Sins Again, Targets Israeli Fin-T
- 2019.03 [aliyun] Analyzing how JAVA-VBS is used to spread a RAT
- 2019.03 [malware] 2019-03-06 - QUICK POST: KOREAN MALSPAM PUSHES FLAWED AMMYY RAT MALWARE
- 2019.03 [4hou] JAVA+VBS spreads a RAT
- 2019.03 [mcafee] JAVA-VBS Joint Exercise Delivers RAT
- 2019.02 [dodgethissecurity] Reverse Engineering an Unknown RAT – Lets call it SkidRAT 1.0
- 2019.02 [4hou] ExileRAT shares C2 infrastructure with LuckyCat
- 2019.02 [freebuf] Xiaomi M365 electric scooter exposed to hacking and remote-control risk
- 2019.02 [myonlinesecurity] Fake Blockchain authentication update delivers Dark Comet RAT
- 2019.02 [securityartwork] Case study: “Imminent RATs” (III)
- 2019.02 [securityartwork] Case study: “Imminent RATs” (II)
- 2019.02 [securityledger] ExileRAT Malware Targets Tibetan Exile Government
- 2019.02 [securityartwork] Case study: “Imminent RATs” (I)
- 2019.02 [talosintelligence] ExileRAT shares C2 with LuckyCat, targets Tibet
- 2019.02 [0x00sec] Programming language for Remote Access Toolkit
- 2019.01 [angelalonso] Fudcrypt: the service to crypt Java RAT through VBS scripts and Houdini malware
- 2019.01 [yoroi] The Story of Manuel’s Java RAT
- 2019.01 [0x00sec] RATs question. Long break
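- 2019.01 [aliyun] Analyzing RAT threats with AMP
- 2019.01 [360] Remotely controlling devices via vulnerabilities in Marvell Avastar Wi-Fi: from zero knowledge to RCE vulnerability discovery and exploitation (part 2)
- 2019.01 [aliyun] .Net RAT malware spread via MS Word documents
- 2019.01 [tencent] Tencent PC Manager: the “Big Gray Wolf” remote-control trojan spreads disguised as “club member data”
- 2019.01 [360] Remotely controlling devices via vulnerabilities in Marvell Avastar Wi-Fi: from zero knowledge to RCE vulnerability discovery and exploitation (part 1)
- 2019.01 [4hou] .Net RAT malware spread via MS Word documents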
- 2019.01 [0x00sec] VPS or a VPN for a RAT?
- 2019.01 [talosintelligence] What we learned by unpacking a recent wave of Imminent RAT infections using AMP
- 2019.01 [fortinet] .Net RAT Malware Being Spread by MS Word Documents
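- 2019.01 [4hou] TA505 adds the new ServHelper backdoor and FlawedGrace RAT to its arsenal
- 2019.01 [tencent] Browser hijacking, remote control, video view inflation: this crack/activation tool is poisoned!
- 2019.01 [4hou] Adware disguised as games and remote-control apps infects 9 million Google Play users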
- 2019.01 [UltraHacks] Ozone RAT C++ | Hidden VNC [TUTORIAL VIDEO] | Ultra Hacks
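- 2019.01 [micropoor] Advanced persistent penetration, season 8: the demo is the RAT
- 2019.01 [tencent] Suspected Gorgon group targeted attacks on China's foreign-trade industry using the Azorult remote-control trojan
- 2019.01 [4hou] JungleSec ransomware infects victims through IPMI remote consoles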
- 2019.01 [sans] Remote Access Tools: The Hidden Threats Inside Your Network
- 2018.12 [freebuf] tRat: a new modular RAT appearing in multiple spam email campaigns
- 2018.12 [k7computing] Scumbag Combo: Agent Tesla and XpertRAT
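- 2018.12 [360] Flash 0day + Hacking Team remote control: attack campaign exploiting the latest Flash 0day vulnerability and correlation analysis
- 2018.12 [freebuf] Flash 0day + Hacking Team remote control: attack campaign exploiting the latest Flash 0day vulnerability and correlation analysis
- 2018.11 [4hou] tRat: a new modular RAT
- 2018.11 [proofpoint] tRat: a new modular RAT spread in multiple spam campaigns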
- 2018.11 [checkpoint] October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Top 10 Threats | Check Point Software Blog
- 2018.11 [checkpoint] October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Global Threat Index’s Top 10
- 2018.10 [DEFCONConference] DEF CON 26 CAR HACKING VILLAGE - Dan Regalado - Meet Salinas, 1st SMS commanded Car Infotainment RAT
- 2018.10 [cybrary] “I smell a rat!” – AhMyth, not a Myth
- 2018.10 [4hou] How RATs are used for attacks in the industrial sector
- 2018.10 [360] Remote-control trojan misuses NetEase's official signature
- 2018.10 [ncsc] RATs, Mimikatz and other domestic pests
- 2018.10 [infosecinstitute] Interview with RaT, the High Council President of SOLDIERX
- 2018.10 [vulnerability0lab] Facebook Inc via Instagram Business - Remote Access Token Vulnerability (Original Facebook Video)
- 2018.10 [securityledger] Episode 114: Complexity at Root of Facebook Breach and LoJax is a RAT You Can’t Kill
- 2018.10 [sophos] IP EXPO Europe 2018: Sophos experts talk AI, privacy vs security, and RATs
- 2018.09 [kaspersky] Threats posed by using RATs in ICS
- 2018.09 [kaspersky] Industrial networks in need of RAT control
- 2018.09 [securelist] Threats posed by using RATs in ICS
- 2018.08 [traffic] [2018-08-22] Unknown->RigEK->AZORult->BabylonRAT
- 2018.08 [freebuf] Hero RAT: a Telegram-based Android malware
- 2018.08 [4hou] Spam campaign abuses SettingContent-ms to spread FlawedAmmyy RAT
- 2018.08 [aliyun] Analysis of HeroRAT, a Telegram-based Android malware
- 2018.08 [alienvault] Off-the-shelf RATs Targeting Pakistan
- 2018.07 [k7computing] Weaponized.IQY: A Quest to Deliver the FlawedAmmyy RAT
- 2018.07 [trendmicro] Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmy RAT Distributed by Necurs
- 2018.07 [k7computing] Weaponized.IQY: A Quest to Deliver the FlawedAmmyy RAT
- 2018.07 [4hou] Highly sophisticated Parasite RAT has appeared on the dark web
- 2018.07 [proofpoint] Parasite HTTP RAT cooks up a stew of stealthy tricks
- 2018.07 [aliyun] In-depth analysis of Vermin RAThole
- 2018.07 [proofpoint] TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT
- 2018.07 [welivesecurity] Vermin one of three RATs used to spy on Ukrainian government institutions
- 2018.07 [freebuf] HeroRAT: a brand-new Telegram-based Android remote access trojan
- 2018.06 [heimdalsecurity] Security Alert: New Spam Campaign Delivers Flawed Ammyy RAT to Infect Victims’ Computers
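- 2018.06 [welivesecurity] HeroRAT: a Telegram-based Android RAT written with the Xamarin framework
- 2018.06 [4hou] Latest US government technical alert: beware of the two RAT and worm malware strains in use by the North Korean hacking group Hidden Cobra
- 2018.06 [4hou] NavRAT uses the US-North Korea summit as a decoy for attacks on South Korea
- 2018.06 [360] NavRAT attacks South Korea using the US-North Korea summit as a lure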
- 2018.05 [talosintelligence] NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
- 2018.05 [myonlinesecurity] Necurs delivering Flawed Ammy RAT via IQY Excel Web Query files
- 2018.05 [freebuf] Hacked Drupal sites used for mining, spreading RATs and sending scam emails
- 2018.05 [andreafortuna] Malware VM detection techniques evolving: an analysis of GravityRAT
- 2018.05 [360] GravityRAT: the two-year evolution of an APT targeting India
- 2018.05 [pcsxcetrasupport3] A closer look at “NetSupport”(Rat) top 2 layers
- 2018.05 [freebuf] Mythic Legend: a remote-control trojan spread in WeChat groups via account selling
- 2018.04 [virusbulletin] GravityRAT malware takes your system's temperature
- 2018.04 [360] Mythic Legend: a remote-control trojan spread in WeChat groups via account selling
- 2018.04 [talosintelligence] GravityRAT - The Two-Year Evolution Of An APT Targeting India
- 2018.04 [UltraHacks] WebMonitor RAT - NO PORTFORWARD NEEDED + FREE VPN NEW
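- 2018.04 [4hou] Analysis of a remote-control trojan in a PUBG (“chicken dinner”) cheat tool
- 2018.04 [freebuf] Analysis of a remote-control trojan in a PUBG (“chicken dinner”) cheat tool
- 2018.04 [360] Analysis of a remote-control trojan in a PUBG (“chicken dinner”) cheat tool
- 2018.04 [4hou] Building remote-control infrastructure with Digital Ocean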
- 2018.04 [flashpoint] RAT Gone Rogue: Meet ARS VBS Loader
- 2018.04 [lookout] mAPT ViperRAT Found in Google Play
- 2018.04 [bitdefender] RadRAT: An all-in-one toolkit for complex espionage ops
- 2018.04 [paloaltonetworks] Say “Cheese”: WebMonitor RAT Comes with C2-as-a-Servic
- 2018.04 [freebuf] Delphi hacker programming (3): implementing the basic principle of a remote-control tool
- 2018.04 [fireeye] Fake Software Update Abuses NetSupport Remote Access Tool
- 2018.04 [freebuf] PowerShell-RAT: a Python-based backdoor
- 2018.03 [UltraHacks] Spynote v5.8 Android RAT | Tutorial | www.ultrahacks.org | Ultra Hacks
- 2018.03 [360] TeleRAT: another Android malware found using Telegram to target Iranian users
- 2018.03 [paloaltonetworks] TeleRAT: Another Android Trojan Leveraging Telegram’s Bot API to Target Iran
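- 2018.03 [4hou] Samsung SmartCam cameras found to have more than ten security vulnerabilities allowing remote control and video tampering
- 2018.03 [360] Detailed analysis of the Coldroot RAT cross-platform backdoor on OS X
- 2018.03 [freebuf] Front-end black magic: remotely controlling the address bar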
- 2018.03 [broadanalysis] EiTest campaign Hoefler Text Pop-up delivers NetSupport Manager RAT
- 2018.03 [leavesongs] Front-end black magic: remotely controlling the address bar
- 2018.03 [broadanalysis] Fake Flash update leads to NetSupport RAT
- 2018.03 [broadanalysis] EiTest campaign Hoefler Text Pop-up delivers NetSupport Manager RAT
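- 2018.03 [4hou] HD and uncensored! More thrilling than a horror film! Listen to this chilling tune from the “Creepy Doll” RAT
- 2018.03 [freebuf] HD and uncensored! More thrilling than a horror film! Listen to this chilling tune from the “Creepy Doll” RAT
- 2018.03 [360] Not for the faint-hearted! More thrilling than a horror film! Listen to this chilling tune from the “Creepy Doll” RAT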
- 2018.02 [broadanalysis] Fake Flash update leads to NetSupport RAT
- 2018.02 [broadanalysis] EiTest campaign Hoefler Text Pop-up delivers NetSupport Manager RAT
- 2018.02 [myonlinesecurity] Fake DHL notification delivers some sort of Java RAT
- 2018.02 [4hou] New AndroRAT variant exploits a dated root vulnerability to launch attacks
- 2018.02 [objective] Tearing Apart the Undetected (OSX)Coldroot RAT
- 2018.02 [trendmicro] New AndroRAT Exploits Dated Privilege Escalation Vulnerability, Allows Permanent Rooting
- 2018.02 [360] Remote-control trojan sets a “white plus black” trap: targets online-store wholesalers for money
- 2018.01 [broadanalysis] EiTest campaign Hoefler Text Pop-up delivers NetSupport Manager RAT
- 2018.01 [4hou] Blizzard games have a severe remote-control vulnerability affecting hundreds of millions of users
- 2018.01 [riskiq] Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors
- 2018.01 [freebuf] Analysis of a sample spreading a remote-control trojan by combining the N-day CVE-2017-11882 with the 0-day CVE-2018-0802
- 2018.01 [broadanalysis] EiTest campaign Hoefler Text Pop-up delivers NetSupport Manager RAT
- 2018.01 [netskope] Git Your RATs Here!
- 2018.01 [redcanary] We Smell a RAT: Detecting a Remote Access Trojan That Snuck Past a User
- 2018.01 [rsa] Malspam delivers BITTER RAT 01-07-2018
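- 2018.01 [freebuf] Mobile C# malware makes a comeback, using a well-known app's communications for remote control and privacy theft
- 2017.12 [tencent] Analysis of the Torchwood remote-control trojan spread via CHM files
- 2017.12 [avlsec] Mobile C# malware makes a comeback, using a well-known app's communications for remote control and privacy theft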
- 2017.12 [broadanalysis] Fake Flash Player update delivers Net Support RAT
- 2017.12 [netskope] TelegramRAT evades traditional defenses via the cloud
- 2017.12 [4hou] Palo Alto Networks' latest finding: UBoatRAT remote access trojan intrudes into East Asia
- 2017.12 [TechnoHacker] RATs in a Nutshell
- 2017.11 [paloaltonetworks] UBoatRAT Navigates
- 2017.11 [buguroo] New banking malware in Brazil - XPCTRA RAT ANALYSIS
- 2017.11 [traffic] [2017-11-18] KaiXinEK->RAT
- 2017.11 [freebuf] Analysis of the Torchwood remote-control trojan spread via CHM files
- 2017.11 [qq] Analysis of the Torchwood remote-control trojan spread via CHM files
- 2017.11 [TechnicalMujeeb] A-RAt exploit Tool Remote Access Android using Termux App.
- 2017.11 [securityintelligence] Analysis of a RAT that uses AutoIt scripts to bypass AV detection
- 2017.11 [360] Powershell Empire: bypassing AV to achieve remote control
- 2017.10 [riskiq] New htpRAT Gives Complete Remote Control Capabilities to Chinese Threat Actors
- 2017.10 [lookout] JadeRAT mobile surveillanceware spikes in espionage activity
- 2017.10 [buguroo] RAT Protection for Banking Customers That Works
- 2017.10 [cylance] Cylance vs. Hacker’s Door Remote Access Trojan
- 2017.10 [malwarebytes] A “normal” Word document automatically downloads a malicious RTF file on opening (exploiting CVE-2017-8759), and the RTF file then downloads and executes the final payload
- 2017.10 [rsa] Malspam Delivers HWorm RAT October, 2017
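- 2017.09 [freebuf] [Updated in comments: reply from the “trojan” author] Analysis and tracing of the “Bumblebee” remote-control mining trojan
- 2017.09 [intezer] Analysis of Agent.BTZ/ComRAT variants
- 2017.09 [360] Analyzing a RAT spread via the “EternalBlue” vulnerability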
- 2017.09 [UltraHacks] SilentBytes RAT 1.6.3c | Multi Administration Tool!
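- 2017.09 [freebuf] The mantis stalks the cicada, unaware of the oriole behind: the secret behind the freely distributed Cobian remote-control tool
- 2017.09 [360] How to remotely control someone else's wireless mouse: an in-depth look inside mouse hijacking
- 2017.09 [4hou] “Phishing” plugin in practice: how I turned a careless developer's editor into a remote-control tool
- 2017.09 [fortinet] Analysis of the Rehashed RAT used in APT attacks against Vietnamese organizations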
- 2017.09 [TechnoHacker] Arcom RAT: Is It Worth $3000?
- 2017.08 [lookout] Android RAT xRAT
- 2017.08 [paloaltonetworks] Updated KHRAT Malware Used in Cambodi
- 2017.08 [JackkTutorials] How to make a HTTP RAT (#3)
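- 2017.08 [freebuf] Remote-control trojan stages a whitelisted-program abuse sleight of hand: exposing the fraudulent-charge undercurrent behind fake crack tools
- 2017.08 [4hou] Remote-control trojan stages a whitelisted-program abuse sleight of hand: exposing the fraudulent-charge undercurrent behind fake crack tools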
- 2017.08 [fortinet] A Quick Look at a New KONNI RAT Variant
- 2017.08 [freebuf] How to turn Photoshop into a remote access tool (RAT)
- 2017.08 [n0where] Koadic C3 COM Command & Control – JScript RAT
- 2017.08 [cylance] Threat Spotlight: KONNI – A Stealthy Remote Access Trojan
- 2017.08 [cylance] Cylance vs. KONNI RAT
- 2017.08 [intezer] New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2
- 2017.08 [rsa] Malspam delivers Xtreme RAT 8-1-2017
- 2017.07 [CodeColorist] How to turn Photoshop into a remote access tool
- 2017.07 [pentestmag] Stitch – a Python written cross platform RAT
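- 2017.07 [freebuf] [BlackHat 2017] International version of the Xiaomi Ninebot self-balancing scooter has a severe security vulnerability allowing remote control by attackers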
- 2017.07 [pentestingexperts] Hacking Android Smart Phone Using AhMyth Android RAT
- 2017.07 [JackkTutorials] How to make a HTTP RAT (#2)
- 2017.07 [ringzerolabs] Bladabindi RAT
- 2017.07 [krebsonsecurity] Who is the GovRAT Author and Mirai Botmaster ‘Bestbuy’?
- 2017.07 [JackkTutorials] How to make a HTTP RAT (#1)
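- 2017.06 [freebuf] The pinnacle of whitelisted-program abuse: a new remote-control trojan performs a shape-shifting act
- 2017.06 [pediy] [Original] Behavioral analysis of a remote-control trojan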
- 2017.06 [ColinHardy] JavaScript that drops a RAT - Reverse Engineer it like a pro
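- 2017.06 [4hou] The pinnacle of whitelisted-program abuse: a new remote-control trojan performs a shape-shifting act
- 2017.06 [360] The pinnacle of whitelisted-program abuse: a new remote-control trojan performs a shape-shifting act
- 2017.06 [freebuf] Metasploit experiment: building an AV-evading payload + remote control of arbitrary “external network” hosts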
- 2017.06 [cylance] Cylance vs. FF-Rat Malware
- 2017.06 [cylance] Threat Spotlight: Breaking Down FF-Rat Malware
- 2017.06 [alienvault] Analysis of MacSpy, the first MaaS (malware-as-a-service) malware for the Mac platform
- 2017.05 [TechnoHacker] How to check if you're infected with a RAT in 10 seconds
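- 2017.05 [freebuf] The VIP among remote-control trojans: abusing online shopping accounts to buy virtual gift cards
- 2017.05 [pediy] [Original] Analyzing a classic file-infecting remote-control trojan from scratch
- 2017.05 [4hou] The VIP among remote-control trojans: abusing online shopping accounts to buy virtual gift cards
- 2017.05 [sec] The VIP among remote-control trojans: abusing online shopping accounts to buy virtual gift cards
- 2017.05 [360] The VIP among remote-control trojans: abusing online shopping accounts to buy virtual gift cards
- 2017.05 [aliyun] FlexiSpy for Android remote-control backdoor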
- 2017.05 [UltraHacks] Imminent Monitor RAT setup & New update review 2017
- 2017.05 [TechnoHacker] How to spread your RAT
- 2017.05 [esecurityplanet] Shodan Partners with Recorded Future to Detect Botnets and RATs
- 2017.04 [alienvault] The Felismus RAT: Powerful Threat, Mysterious Purpose
- 2017.04 [4hou] More than twenty Linksys router models found vulnerable, possibly allowing remote control
- 2017.04 [freebuf] Careful, the Android RAT (spynote) has been upgraded...
- 2017.04 [paloaltonetworks] Cardinal RAT Active for Over
- 2017.04 [jpcert] RedLeaves - Malware Based on Open Source RAT
- 2017.03 [TechnoHacker] What's the difference between http botnets and RATs?
- 2017.03 [paloaltonetworks] Trochilus and New MoonWind RATs Used In Attack Against Thai Orga
- 2017.03 [fireeye] WMImplant – A WMI Based Agentless Post-Exploitation RAT Developed in PowerShell
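- 2017.03 [4hou] Aftermath of the CIA incident: more than 300 Cisco switch models affected, remotely controllable with a single 0day
- 2017.03 [secist] Python-based remote administration tool (RAT) – Stitch
- 2017.03 [trendmicro] Introducing MajikPOS: a combination of PoS malware and RAT.
- 2017.03 [4hou] Proton RAT upgraded to a new variant using a 0day vulnerability, sold from as low as US$1,200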
- 2017.02 [UltraHacks] SilentBytes RAT [beta] Windows 10 || PROMOTION ||
- 2017.02 [UltraHacks] SilentBytes RAT Linux Ubuntu || PROMOTION ||
- 2017.02 [UltraHacks] SilentBytes RAT 1.1 [BETA] Mac OS X || PROMOTION ||
- 2017.02 [lookout] ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar
- 2017.02 [talosintelligence] Go RAT, Go! AthenaGo points “TorWords” Portugal
- 2017.02 [netskope] Decoys, RATs, and the Cloud: The growing trend
- 2017.01 [malwarebytes] Mobile Menace Monday: AndroRAT Evolved
- 2017.01 [malwarebytes] From a fake wallet to a Java RAT
- 2016.12 [TechnoHacker] How to remotely execute a RAT on someone's PC
- 2016.12 [cyber] The Kings In Your Castle Part 4 – Packers, Crypters and a Pack of RATs
- 2016.11 [] Analysis of a Linux RAT
- 2016.11 [f] A RAT For The US Presidential Elections
- 2016.11 [fidelissecurity] Down the H-W0rm Hole with Houdini's RAT
- 2016.11 [4hou] RAT trojan hosted on Pastebin can cause a system blue screen
- 2016.10 [malwarebytes] Get your RAT on Pastebin
- 2016.10 [8090] Huawei P9 fingerprint lock cracked, remotely controlled socket posts to Weibo: smart-product security is worrying
- 2016.10 [sentinelone] GovRAT is Not New
- 2016.10 [UltraHacks] [$25] Imment Monitor RAT setup
- 2016.09 [securelist] TeamXRat: Brazilian cybercrime meets ransomware
- 2016.09 [freebuf] Account-stealing remote-control trojan masquerades as 850Game to do harm
- 2016.09 [jimwilbur] DroidJack – A Quick Look at an Android RAT
- 2016.09 [360] Account-stealing remote-control trojan masquerades as 850Game to do harm
- 2016.09 [countercept] Do you smell a rat?
- 2016.09 [freebuf] You dirty RAT: criminals preying on criminals in the cybercrime underground
- 2016.08 [fortinet] German Speakers Targeted by SPAM Leading to Ozone RAT
- 2016.08 [freebuf] WeChat remote arbitrary code execution vulnerability disclosed, allowing remote control
- 2016.08 [trustlook] Trustlook Discovers a Remote Administration Tool (RAT) Android Malware
- 2016.08 [id] XRat, Team, Corporacao
- 2016.08 [f] NanHaiShu: RATing the South China Sea
- 2016.07 [malwarenailed] Luminosity RAT - Re-purposed
- 2016.07 [360] A remote-control trojan in legitimate clothing: in-depth analysis of Game564
- 2016.07 [fidelissecurity] Chasing Down RATs with Barncat
- 2016.07 [n0where] Python Remote Access Tool: Ares
- 2016.07 [360] H-WORM: a simple yet active remote-control trojan
- 2016.06 [duo] Protecting Remote Access to Your Computer: RDP Attacks and Server Credentials for Sale
- 2016.06 [cybereason] Permission to Execute: The Incident of the Signed and Verified RAT
- 2016.06 [8090] Analysis of a JavaScript remote-control trojan used in targeted attacks
- 2016.06 [hackingarticles] HTTP RAT Tutorial for Beginners
- 2016.06 [avlsec] Malicious module planted under the guise of a well-known app: the “wolf” in sheep's clothing is here! WarThunder remote-control trojan alert
- 2016.06 [cysinfo] Hunting APT RAT 9002 In Memory Using Volatility Plugin
- 2016.06 [f] Qarallax RAT: Spying On US Visa Applicants
- 2016.06 [qq] Remote-control trojan exploits a Windows system file vulnerability to attack
- 2016.06 [samvartaka] Dead RATs: Exploiting malware C2 servers
- 2016.05 [freebuf] In depth: remote-control trojan Poison Ivy begins ravaging Myanmar and other Asian countries
- 2016.05 [trendmicro] Lost Door RAT: Accessible, Customizable Attack Tool
- 2016.04 [pentestpartners] RATing through the Steam Workshop
- 2016.04 [freebuf] DameWare Mini Remote Control vulnerability (CVE-2016-2345): lets you play with the remote controller
- 2016.04 [paloaltonetworks] New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy
- 2016.04 [sentinelone] Teaching an old RAT new tricks
- 2016.04 [itsjack] RAT Threat Intelligence – A Very Simple Manual Technique
- 2016.03 [TechnoHacker] How to port forward for any program and how to setup a DNS for RATs
- 2016.03 [malwarebytes] Latest Steam Malware Shows Signs of RAT Activity
- 2016.03 [freebuf] How to remotely control someone else's wireless mouse: an in-depth look inside mouseJack
- 2016.03 [malwarebytes] This Steam Scam is a Rat Race
- 2016.03 [itsjack] Imminent Monitor 4 RAT Analysis – Further Into The RAT
- 2016.02 [TechnoHacker] How to get rid of a RAT [Very in depth]
- 2016.02 [brindi] Advanced Techniques for Detecting RAT Screen Control
- 2016.02 [mindedsecurity] RAT WARS 2.0: Advanced Techniques for Detecting RAT Screen Control
- 2016.01 [fidelissecurity] Introducing Hi-Zor RAT
- 2016.01 [alienvault] Trochilus RAT: Invading your Sandbox
- 2016.01 [itsjack] Imminent Monitor 4 RAT Analysis – A Glance
- 2016.01 [freebuf] Analysis report on the “Shadow Thief” remote-control trojan
- 2016.01 [] Analysis of a Linux RAT
- 2016.01 [ensilo] Cyber-Security in 120 Secs: 0-days, and a new RAT targeting APJ
- 2016.01 [TechnoHacker] How to use all of Xtreme RAT's features
- 2016.01 [freebuf] An analysis of the JSocket RAT
- 2015.12 [paloaltonetworks] BBSRAT Attacks Targeting Russian Organizations Linked to Roam
- 2015.12 [welivesecurity] Europol makes 12 arrests in Remote Access Trojan crackdown
- 2015.11 [360] Digging deep into the real culprit behind the “Big Gray Wolf” remote-control trojan
- 2015.11 [cylance] Cylance vs. GlassRAT
- 2015.11 [rsa] Detecting GlassRAT using Security Analytics and ECAT
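- 2015.11 [freebuf] KillerRat: a new RAT for Windows developed by an Egyptian hacker
- 2015.11 [freebuf] Follow-up to the BT Tiantang site drive-by incident: analysis of the “Big Gray Wolf” remote-control trojan and investigation of the real culprit
- 2015.11 [360] Analysis of the “Big Gray Wolf” remote-control trojan and investigation of the real culprit
- 2015.11 [freebuf] GovRAT, a hot seller on the black market: a malware digital-signing platform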
- 2015.11 [duo] Criminals Leverage Remote Access to Patient Data Applications
- 2015.11 [fidelissecurity] A Stalker’s Best Friend: Inside JSocket’s Android Remote Access Tool Builder
- 2015.10 [threatmetrix] How Contextual Fraud Prevention Can Turn Banks into RAT (Remote Access Trojan) Catchers
- 2015.10 [deepsec] DeepSec Talk: Got RATs? Enter Barn Cat (OSint)
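- 2015.10 [360] An alternative RAT: a trojan achieves hidden execution by piggybacking on commercial-grade remote-control software
- 2015.10 [freebuf] An alternative RAT: a trojan achieves hidden execution by piggybacking on commercial-grade remote-control software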
- 2015.10 [hackingarticles] Hack Android Devices using Omni RAT
- 2015.10 [duo] Remote Access Trojan (RAT) Targets Windows Environments
- 2015.09 [trustwave] Quaverse RAT: Remote-Access-as-a-Service
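- 2015.09 [freebuf] Analysis of a denial-of-service vulnerability in the remote-control tool VNC
- 2015.09 [freebuf] The beauty of old-school backdoors: five retro remote-control tools (with downloads)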
- 2015.09 [kaspersky] A layman’s dictionary: RAT
- 2015.08 [sentinelone] The 7 ‘Most Common’ RATS In Use Today
- 2015.08 [rsa] Detecting XtremeRAT variants using Security Analytics
- 2015.08 [paloaltonetworks] RTF Exploit Installs Italian RAT:
- 2015.08 [fortinet] The Curious Case Of The Document Exploiting An Unknown Vulnerability – Part 2: RATs, Hackers and Rihanna
- 2015.08 [duo] You Built a Better Mousetrap? They Built Better RATs
- 2015.08 [alienvault] FF-RAT Uses Stealth Tactics to Evade Endpoint Detection
- 2015.08 [freebuf] Full replay: how did hackers remotely control a Cherokee? [FreeBuf video]
- 2015.08 [securityfuse] Omni RAT which can turn your android phone into a hacking machine
- 2015.07 [redcanary] Red Canary vs. PoshRAT: Detection in the Absence of Malware
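- 2015.07 [freebuf] Formatting the disk won't help: Hacking Team uses a UEFI BIOS rootkit to keep its RAT resident in the operating system
- 2015.07 [freebuf] Revealed: how Hacking Team's remote-control surveillance program (RCS) became a global bestseller
- 2015.07 [] A brief analysis of Hacking Team's Remote Control System
- 2015.07 [freebuf] A brief analysis of Hacking Team's Remote Control System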
- 2015.07 [bromium] Government Grade Malware: a Look at HackingTeam’s RAT
- 2015.07 [nsfocus] A brief analysis of Hacking Team's Remote Control System
- 2015.07 [talosintelligence] Ding! Your RAT has been delivered
- 2015.06 [guidancesoftware] The OPM Hack: I Smell a RAT
- 2015.05 [freebuf] Grafting trick: analysis of the new “whitelisted-program abuse” Huachen remote-control trojan
- 2015.05 [securelist] Grabit and the RATs
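- 2015.05 [] Grafting trick: analysis of the new “whitelisted-program abuse” Huachen remote-control trojan
- 2015.04 [freebuf] More than twenty control commands: analysis report on the remote-control trojan Dendoroid.B
- 2015.04 [freebuf] Latest Adobe Flash Player vulnerability (CVE-2015-3044): camera and microphone can be remotely controlled (with video)
- 2015.03 [freebuf] Dissecting a remote-control trojan using Smack technology
- 2015.03 [avlsec] Remote-control trojan using Smack technology
- 2015.03 [] Analysis of how the Smack-technology remote-control trojan works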
- 2015.02 [mcafee] What is a Remote Administration Tool (RAT)?
- 2015.01 [] Grafting trick: analysis of the new “whitelisted-program abuse” Huachen remote-control trojan
- 2015.01 [trendmicro] New RATs Emerge from Leaked Njw0rm Source Code
- 2015.01 [freebuf] CVE-2014-8272 vulnerability analysis: the weak Session-ID mechanism of Dell remote access controllers
- 2015.01 [] Analysis report on the remote-control trojan Dendoroid.B
- 2014.12 [sans] Flushing out the Crypto Rats - Finding "Bad Encryption" on your Network
- 2014.11 [checkpoint] Mobile Security Weekly: Android mRATs, Paid Apps Hacked, Whatsapp Talks Privacy | Check Point Software Blog
- 2014.10 [freebuf] Analysis and study of mobile remote-control software penetrating hardware firewalls
- 2014.10 [freebuf] Technical analysis of a VBS remote-control trojan
- 2014.10 [] VBS remote-control trojan
- 2014.10 [airbuscybersecurity] LeoUncia and OrcaRat
- 2014.10 [] “Xsser mRAT”: the first advanced iOS trojan from country X
- 2014.10 [checkpoint] Mobile Security Weekly - Lacoon Discovers the Xsser mRAT | Check Point Software Blog
- 2014.10 [lookout] Just the facts: Xsser mRAT iOS malware
- 2014.09 [checkpoint] Lacoon Discovers Xsser mRAT, the First Advanced iOS Trojan
- 2014.09 [checkpoint] Chinese Android mRAT Spyware Targets Hong Kong Protest
- 2014.09 [qq] Analysis of a new whitelisted-program abuse (Baofeng) remote-control trojan
- 2014.09 [comodo] Warning! RATS Attacking Mobile Devices
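- 2014.08 [] A case of a remote-control trojan forging a communication protocol
- 2014.08 [freebuf] Discussion of ideas for next-generation remote-control trojans
- 2014.08 [] Media player hides a remote-control trojan; 360 exclusively provides a detection and removal solution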
- 2014.08 [cert] Android RAT malware spreading via torrents
- 2014.08 [rsa] Finding & Eradicating RATs
- 2014.08 [mcafee] Android App SandroRAT Targets Polish Banking Users via Phishing Email
- 2014.07 [bhconsulting] Advanced Fee Fraud Now Plagued By RATs
- 2014.07 [sans] Keeping the RATs out: the trap is sprung - Part 3
- 2014.07 [sans] Keeping the RATs out: **it happens - Part 2
- 2014.07 [sans] Keeping the RATs out: an exercise in building IOCs - Part 1
- 2014.07 [freebuf] Revealed: a unique technique to remotely control your phone
- 2014.06 [plcscan] Havex Rat: yet another malware targeting ICS/SCADA systems
- 2014.05 [malwarebytes] A RAT in Bird’s clothing
- 2014.05 [avlsec] Analysis report on a remote-control trojan delivered as a bundled package
- 2014.04 [trendmicro] Old Java RAT Updates, Includes Litecoin Plugin
- 2014.04 [avlsec] Analysis report on Herta, an Android SMS-commanded remote-control trojan
- 2014.02 [checkpoint] The Spy in Your Pocket, Part 1: An Overview of Mobile Remote Access Trojans (mRATs) | Check Point Software Blog
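- 2014.01 [] A case of a remote-control trojan forging a communication protocol
- 2014.01 [] Remote-control trojan impersonating Taobao
- 2014.01 [] VBS remote-control trojan
- 2014.01 [] Oldboot “ghost” reappears: another trojan using cloud-based remote-control technology in knock-off phones
- 2014.01 [] Media player hides a remote-control trojan; 360 exclusively provides a detection and removal solution
- 2014.01 [] The Android remote-control trojan black-market supply chain is taking shape; beware of your phone becoming a “bot”
- 2014.01 [] Technical analysis report on the first remote-control trojan in China to use JavaScript
- 2013.12 [pediy] [Original] Reversing notes: hiding techniques of a certain RAT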
- 2013.11 [sensepost] RAT-a-tat-tat
- 2013.11 [freebuf] Hackers can remotely control your phone – shocking Android 4.4 vulnerability (with EXP)
- 2013.10 [freebuf] The increasingly complex evolution of the Terminator RAT in APTs
- 2013.10 [trendmicro] Dutch TorRAT Threat Actors Arrested
- 2013.10 [privacy] CuteCats.exe and the Arab Spring 2: Social Engineering and Remote Access Toolkits
- 2013.09 [comodo] Super RATS? Comodo has Built a Better Mousetrap!
- 2013.09 [freebuf] New Apple technology allows governments to remotely control your iPhone
- 2013.08 [pediy] [Open source, also job-seeking] Web remote-control software
- 2013.07 [trendmicro] Compromised Sites Conceal StealRat Botnet Operations
- 2013.07 [talosintelligence] Androrat - Android Remote Access Tool
- 2013.06 [freebuf] Android remote-control tool: AndroRat
- 2013.04 [webroot] A peek inside a (cracked) commercially available RAT (Remote Access Tool)
- 2013.04 [rapid7] Weekly Update: Minecraft RAT Attacks, PHP Shell Games, and MongoDB
- 2013.04 [quequero] McRat Malware Analysis – Part1
- 2013.04 [webroot] DIY Java-based RAT (Remote Access Tool) spotted in the wild
- 2013.02 [trendmicro] BKDR_RARSTONE: New RAT to Watch Out For
- 2013.01 [trendmicro] Hiding in Plain Sight: The FAKEM Remote Access Trojan
- 2012.11 [trendmicro] Tsunami Warning Leads to Arcom RAT
- 2012.11 [trendmicro] New Xtreme RAT Attacks US, Israel, and Other Foreign Governments
- 2012.10 [forcepoint] Iranian Firefighters' Website Compromised to Serve VertexNet RAT
- 2012.10 [mcafee] Tool Talk: Cracking the Code on XtremeRAT
- 2012.10 [trendmicro] Xtreme RAT Targets Israeli Government
- 2012.08 [forcepoint] Nepalese government websites compromised to serve Zegost RAT
- 2012.08 [sans] Digital Forensics Case Leads: Multi-plat RAT, No US Cybersecurity bill, Dropbox drops a doozie, Volatility everywhere
- 2012.07 [freebuf] Remote-control tool: RAIORemote
- 2012.07 [freebuf] Detecting the Poison Ivy Rat controller with an Nmap script
- 2012.07 [freebuf] [Original] PoisonIvy Rat remote overflow in practice
- 2012.06 [alienvault] Capfire4 malware, RAT software and C&C service together
- 2012.06 [malwarebytes] RATs of Unusual Sizes
- 2012.05 [welivesecurity] Malware RATs can steal your data and your money, your privacy too
- 2012.05 [freebuf] Open-source Linux remote-control tool – n00bRAT
- 2012.03 [alienvault] MS Office exploit that targets MacOS X seen in the wild - delivers "Mac Control" RAT
- 2012.03 [trustwave] Dirty RAT Eats Nate's Banana
- 2011.09 [securitythinkingcap] RAT Hacking Evidence fresh from the source
- 2011.09 [trendmicro] Online Storage—A Godsend for Sentimental Pack Rats (like me)
- 2011.09 [hackerhurricane] (W)(I) Your GM OnStar enabled car will rat you out starting Dec 2011
- 2011.08 [microsoft] Weekly Roundup : Aug 12, 2011 : Dissecting a Shady Rat
- 2011.08 [bhconsulting] Operation Shady RAT Claims Widespread Espionage
- 2011.05 [krebsonsecurity] Something Old is New Again: Mac RATs, CrimePacks, Sunspots & ZeuS Leaks
- 2011.05 [mcafee] I Smell a RAT: Java Botnet Found in the Wild
- 2011.04 [pediy] [Original] Source code to fix duplicate check-ins of a RAT
- 2011.01 [cleanbytes] AdSocks RAT — about the new Java trojan computer viruses
- 2010.10 [sans] Cyber Security Awareness Month - Day 19 - Remote Access Tools
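- 2010.09 [pediy] [Translation] Trojan remote-control techniques on the Windows operating system
- 2010.09 [pediy] [Original] Building your own remote control by capturing qq2010 chat messages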
- 2008.09 [sans] The Lab Rat - Testing Digital Forensics Tools and Gear
- 2008.01 [trendmicro] Will 2008 Really Be The ‘Year of The Rat’?
- 2006.11 [trendmicro] TROJ_STRAT Spams Again
- 2005.06 [infosecblog] Rats!
Abusing Public Services
Telegram
Tools
Articles
Twitter
Tools
- [658 stars][4y] [Py] paulsec/twittor A fully featured backdoor that uses Twitter as a C&C server
- [186 stars][3y] [Go] petercunha/goat a trojan created in Go, using Twitter as the C&C server
Articles
GMail
Tools
Articles
Github
Tools
Articles
DropBox
Tools
- [134 stars][1y] [Py] 0x09al/dropboxc2c DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations.
Articles
Blockchain
Tools
- [46 stars][1y] [Go] xpn/blockchainc2 A POC C2 server and agent to explore just if/how the Ethereum blockchain can be used for C2
- [35 stars][3m] [Py] geek-repo/c2-blockchain This is a concept poc of command and control server implemented over blockchain
Articles
Others
Tools
Articles
Communication Protocols
DNS Protocol
Domain Generation Algorithm(DGA)
Tools
Articles
Tools
- [1855 stars][8m] [C++] iagox86/dnscat2 Creates an encrypted C&C channel over the DNS protocol
- [832 stars][6d] [Go] bishopfox/sliver A general-purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S) and DNS
- [386 stars][4y] [Py] ahhh/reverse_dns_shell A Python reverse shell that uses DNS as the C2 channel
- [277 stars][1y] [Py] trycatchhcf/packetwhisper Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
- [276 stars][4m] [Go] sensepost/godoh A DNS-over-HTTPS Command & Control Proof of Concept
- [225 stars][2y] [PS] lukebaggett/dnscat2-powershell A Powershell client for dnscat2, an encrypted DNS command and control tool.
- [176 stars][2y] [C++] 0x09al/dns-persist DNS-Persist is a post-exploitation agent which uses DNS for command and control.
- [41 stars][2m] [Erlang] homas/ioc2rpz ioc2rpz is a place where threat intelligence meets DNS.
- [38 stars][2m] [JS] inquest/threatkb Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
Articles
ICMP
Articles
WebSocket
Tools
Articles
C&C
Cobalt Strike
Tools
Articles
Tools
Recently Added
- [1135 stars][13d] [Boo] byt3bl33d3r/silenttrinity An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
- [614 stars][12d] [Py] trustedsec/trevorc2 A client/server model that hides C&C commands behind a normal, browsable website; because the time intervals vary, detection becomes harder, and POST requests are not used when retrieving host data
- [575 stars][3m] [PS] nettitude/poshc2_old Powershell C2 Server and Implants
- [478 stars][5m] [C++] fsecurelabs/c3 A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
- [442 stars][3y] [CSS] graniet/chromebackdoor A pentest tool PoC that uses the MITB technique to generate a Windows executable ".exe" which, after launch, runs a malicious extension or script on most popular browsers and sends all DOM data through C&C.
- [336 stars][12d] [PS] nettitude/poshc2 Python Server for PoshC2
- [325 stars][1y] [C#] spiderlabs/dohc2 DoHC2 allows the ExternalC2 library from Ryan Hanson (
- [273 stars][4m] [Py] felixweyne/imaginaryc2 A Python tool that assists in the behavioral (network) analysis of malware
- [205 stars][3y] [Py] countercept/doublepulsar-c2-traffic-decryptor Processes a PCAP file and decrypts the C2 traffic sent to the DOUBLEPULSAR implant
- [186 stars][2y] [Py] woj-ciech/daily-dose-of-malware Script lets you gather malicious software and c&c servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cybercrime tracker and c2 for Pony.
- [155 stars][7d] [Py] chrispetrou/hrshell HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
- [136 stars][2y] [Py] pjlantz/hale Botnet command & control monitor
- [132 stars][10m] [C] treehacks/botnet-hackpack Build a basic Command & Control botnet in C
- [130 stars][6d] [Py] mhaskar/octopus Open source pre-operation C2 server based on python and powershell
- [125 stars][7d] [JS] p3nt4/nuages A modular C2 framework
- [99 stars][6d] [Py] ziconius/fudgec2 FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
- [83 stars][5y] [Py] maldroid/maldrolyzer Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)
- [79 stars][9m] [C++] watersalesman/aura-botnet A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.
- [70 stars][14d] [Py] angus-y/pyiris-backdoor a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems.
- [68 stars][1m] [C#] maraudershell/marauder A .NET agent for the Faction C2 Framework
- [67 stars][5m] [HTML] project-prismatica/prismatica Responsive Command and Control System
- [58 stars][1y] [C#] mdsecactivebreach/browser-externalc2 External C2 Using IE COM Objects
- [56 stars][2y] [Go] averagesecurityguy/c2 A simple, extensible C&C beaconing system.
- [48 stars][3m] [Shell] professionallyevil/c4 Cyberdelia, a Collection of Command and Control frameworks
- [44 stars][30d] [JS] shadow-workers/shadow-workers C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
- [41 stars][2y] [Py] v1v1/sleight Empire HTTP(S) C2 redirector setup script
- [39 stars][1y] [PS] outflanknl/doh_c2_trigger Code for blogpost:
- [38 stars][12d] [C#] sf197/telegra_csharp_c2 Command and Control for C# Writing
- [37 stars][11m] [Go] prsecurity/golang_c2 Boilerplate C2 written in Go for red teams
- [31 stars][16d] [Py] qsecure-labs/overlord Overlord - Red Teaming Infrastructure Automation
- [30 stars][6y] [PS] enigma0x3/powershell-c2
- [24 stars][1y] prsecurity/neutrino Neutrino C2 Source Code
- [23 stars][25d] [Go] audibleblink/bothan Is this IP a C2 server?
- [19 stars][1y] tevora-threat/rt_redirectors Ansible role to configure redirectors for red team C2
- [18 stars][5y] [PS] et0x/c2 Methods of C2
- [18 stars][1m] [Py] marcorosa/cnc-botnet-in-python C&C Botnet written in Python with fabric
- [17 stars][1y] [C] kiwidoggie/oni-framework Embedded systems C2 software written in C/C#
- [17 stars][3y] [Go] pandipanda69/my-little-honeypot This repository aims to show how easy it is to code a telnet honeypot in order to recover IoT malware, and thus, active Command & Control.
- [17 stars][4m] stvemillertime/absolutely-positively-not-hacking-back-with-pcap Streaming Unexpected Network Byte Sequences with High Probability of Blue Screening or Otherwise Crashing Attacker Command-and-Control Nodes
- [16 stars][4y] [Py] hasherezade/bunitu_tests Scripts for communication with Bunitu Trojan C&Cs
- [16 stars][6m] [C] blacchat/xzf EXIF-based command and control PoC
- [16 stars][10m] [Py] daniel-infosec/wikipedia-c2 POC for utilizing wikipedia API for Command and Control
- [14 stars][5y] [Py] nocow4bob/pix-c2 Ping Exfiltration Command and Control (PiX-C2)
- [14 stars][3y] [Py] secarmalabs/indushell PoC C&C for the Industroyer malware
- [14 stars][5m] [C#] immersive-command-system/immersivedroneinterface aerial vehicle command and control platform, designed for immersive interfaces (such as the Oculus Rift).
- [11 stars][4m] [Py] jacobsoo/amtracker Android Malware Tracker
- [10 stars][12m] [Dockerfile] d3vzer0/cnc-relay Docker projects to retain beacon source IPs using C2 relaying infra
- [10 stars][9m] [Py] m8r0wn/transportc2 PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.
- [10 stars][3y] [Py] r3mrum/loki-parse A python script that can detect and parse loki-bot (malware) related network traffic. This script can be helpful to DFIR analysts and security researchers who want to know what data is being exfiltrated to the C2, bot tracking, etc...
- [9 stars][4m] [Py] degenerat3/meteor Cross-platform C2 with modules for TCP, web, and more soon to come
- [8 stars][2m] [Py] jacobsoo/malconfig This is part of a module for the framework that I'm constantly developing. Currently only information of the C2 are disclosed here.
- [8 stars][3y] [Py] killswitch-gui/flask_heroku_redirector flask heroku C2 redirector template
- [8 stars][5m] [Py] r00k5a58/pyc2 simple c2 written in python to demonstrate security concepts
- [8 stars][11m] tothi/kali-rpi-luks-crypt Full disk encryption for Kali on Raspberry using LUKS
- [8 stars][25d] [Go] xorrior/apfell-chrome-extension-c2server Apfell C2 Server for the Google Chrome Extension Payload
- [7 stars][3y] [PS] 0sm0s1z/invoke-selfsignedwebrequest This repo exists as a quick and dirty arsenal of methods and scripts to subvert .NET SSL/TLS certificate validation in PowerShell and press on with the hack!
- [6 stars][2y] [C#] jaydcarlson/c2-printf Prints trace messages over the Silicon Labs C2 debugger link
- [6 stars][5m] [Py] m507/m-botnet A C2 project that controls a self-propagating MS17-010 worm.
- [5 stars][3y] [Py] killswitch-gui/flask_pythonanywhere_redirector flask pythonanywhere C2 redirector template
- [4 stars][3y] [Py] mellow-hype/c2finder Look for un-sinkholed C&C IPs in your Bro logs (from Bambanek Consulting C&C master list)
- [4 stars][2y] [PHP] nao-sec/ramnit_traffic_parser Parsing Ramnit's traffic
- [3 stars][23d] [C++] lima-x-coding/win32.-d0t-nix.c2 A C/C++ recreation of the original Win32.VB.Illerka.C Virus by Michael [APFX]
- [0 stars][2y] [Py] bizdak/silverboxcc Reverse engineered android malware, and this is a C&C server for it
- [0 stars][2y] boaxboax/ctf-quaorar
Articles
Recently Added
- 2019.12 [prsecurity] Casual Analysis of Valak C2
- 2019.11 [talosintelligence] C2 With It All: From Ransomware To Carding
- 2019.10 [activecountermeasures] MITRE ATT&CK Matrix – Custom C2 Protocol
- 2019.10 [HackersOnBoard] Digital Vengeance Exploiting the Most Notorious C&C Toolkits
- 2019.10 [HackersOnBoard] Black Hat USA 2017 Infecting the Enterprise Abusing Office365+Powershell for Covert C2
- 2019.10 [rapid7] Open-Source Command and Control of the DOUBLEPULSAR Implant
- 2019.09 [carbonblack] CB TAU Threat Intelligence Notification: Common to Russian Underground Forums, AZORult Aims to Connect to C&C Server, Steal Sensitive Data
- 2019.09 [BlackHat] Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover
- 2019.09 [lockboxx] MacOS Red Teaming 209: macOS Frameworks for Command and Control
- 2019.09 [activecountermeasures] MITRE ATT&CK Matrix – C2 Connection Proxy
- 2019.09 [freebuf] Exposing the attack campaign in which the 摩诃草 (Patchwork) group distributes C&C configuration through public platforms
- 2019.09 [trendmicro] Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
- 2019.08 [deepsec] DeepSec2019 Talk: Android Malware Adventures – Analyzing Samples and Breaking into C&C – Kürşat Oğuzhan Akıncı & Mert Can Coşkuner
- 2019.08 [KindredSecurity] Code/Design Analysis of the redViper C2 Communication Protocol
- 2019.07 [trendmicro] Keeping a Hidden Identity: Mirai C&Cs in Tor Network
- 2019.07 [vishal] Emotet C2 July2019Wk4
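- 2019.07 [freebuf] Source code analysis of the C&C module of the ibus worm on Linux
- 2019.07 [freebuf] Using SSH tunnels to encrypt and conceal C&C traffic
- 2019.07 [4hou] Source code analysis of the C&C module of the ibus worm on Linux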
- 2019.07 [trendmicro] New Miori Variant Uses Unique Protocol to Communicate with C&C
- 2019.07 [binaryedge] Guest Post: Using BinaryEdge to hunt for Panda Banker C2 servers and Android Malware
- 2019.05 [sentinelone] Emotet: The Story of Disposable C2 Servers
- 2019.05 [cobbr] Designing Peer-To-Peer Command and Control
- 2019.04 [specterops] Designing Peer-To-Peer Command and Control
- 2019.04 [trendmicro] Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers
- 2019.04 [paloaltonetworks] Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale
- 2019.04 [hackingarticles] Command & Control: Ares
- 2019.04 [hackingarticles] Command & Control: WebDav C2
- 2019.04 [arxiv] [1904.05119] Reconstruction of C&C Channel for P2P Botnet
- 2019.04 [carbonblack] CB TAU Threat Intelligence Notification: Email VBS Downloader Connects to C2 Server, Downloads Trickbot Payload
- 2019.04 [TROOPERScon] TR19: Introducing Faction: A modern, powerful, multiplayer C2 framework
- 2019.03 [hackingarticles] Command & Control: Silenttrinity Post-Exploitation Agent
- 2019.03 [0x00sec] Build C&C architecture
- 2019.03 [sophos] Emotet 101, stage 4: command and control
- 2019.02 [inyour] Apache mod_python C2 Proxy
- 2019.02 [hackingarticles] TrevorC2 – Command and Control
- 2019.02 [mdsec] External C2, IE COM Objects and how to use them for Command and Control
- 2019.02 [welivesecurity] DanaBot Trojan updated with new C&C communication
- 2019.01 [freebuf] Hiding C&C traffic in a standard SSH tunnel
- 2019.01 [hackingarticles] Koadic – COM Command & Control Framework
- 2019.01 [blackhillsinfosec] SSHazam: Hide Your C2 Inside of SSH
- 2019.01 [4hou] C&C Browser
- 2019.01 [sans] #TheC2Matrix: Comparing C2 Frameworks
- 2019.01 [sans] Covert Channels & Command and Control Innovation
- 2018.12 [securelayer7] A basic explanation of malware C&C servers
- 2018.12 [securelayer7] Basic Understanding of Command and Control Malware Server
- 2018.12 [myonlinesecurity] Lokibot campaigns continue with some changes to C2 urls
- 2018.11 [360] C&C communication over email: analysis of the new Cannon trojan
- 2018.11 [trendmicro] Perl-Based Shellbot Looks to Target Organizations via C&C
- 2018.10 [cofense] America’s First: US Leads in Global Malware C2 Distribution
- 2018.08 [vanimpe] How to Leverage Log Services to Analyze C&C Traffic
- 2018.08 [nsfocus] Turla variant launches C&C attacks through a Microsoft Outlook backdoor
- 2018.08 [nettitude] Extending C2 Lateral Movement – Invoke-Pbind
- 2018.07 [syspanda] Threat Hunting: Fine Tuning Sysmon & Logstash to find Malware Callbacks C&C
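- 2018.07 [freebuf] Analysis of the latest attack samples and C&C mechanism of 蓝宝菇 (APT-C-12)
- 2018.07 [360] SkyEye Lab: Analysis of the latest attack samples and C&C mechanism of 蓝宝菇 (APT-C-12)
- 2018.07 [trendmicro] Hacking group Blackgear resurfaces: using social networks for C&C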
- 2018.07 [esentire] Living Off the Land – The Command and Control Phase
- 2018.06 [whitecatsec] Lazarus C2 - nice to hunt you
- 2018.06 [ironcastle] SMTP Strangeness – Possible C2, (Fri, Jun 15th)
- 2018.06 [sans] SMTP Strangeness - Possible C2
- 2018.06 [pentestlab] Command and Control – Browser
- 2018.06 [nanxiao] Add CC&CXX environment variables in your OpenBSD profile
- 2018.06 [newskysecurity] Hacker Fail: IoT botnet command and control server accessible via default credentials
- 2018.06 [cobaltstrike] Broken Promises and Malleable C2 Profiles
- 2018.05 [vanimpe] Diving into the VPNFilter C2 via EXIF
- 2018.05 [netspi] Databases and Clouds: SQL Server as a C2
- 2018.05 [securelist] VPNFilter EXIF to C2 mechanism analysed
- 2018.05 [blackhillsinfosec] C2, C3, Whatever It Takes
- 2018.05 [0x00sec] Tyrannosaurus reproduced fast and died young: A malicious host/IP/C&C from China, 2016 to present
- 2018.05 [360] 2018 National Cyberspace Security Technology Competition: web&misc&crypto write-ups
- 2018.05 [pentestingexperts] Threat Hunting – Command and Control Center – OFFICE WORK
- 2018.05 [ironcastle] Reversed C2 traffic from China, (Fri, May 11th)
- 2018.05 [sans] Reversed C2 traffic from China
- 2018.05 [countercept] Retrieving Meterpreter C2 from Memory
- 2018.04 [360] Protecting your Empire C2 with Apache mod_rewrite
- 2018.04 [4hou] Using Angr to impersonate a C&C server in order to study a malware's communication protocol
- 2018.04 [bluescreenofjeff] HTTPS Payload and C2 Redirectors
- 2018.03 [findingbad] C2 Hunting
- 2018.03 [blackhillsinfosec] How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped
- 2018.03 [akijosberryblog] Using ActiveDirectory as C&C
- 2018.03 [blackhillsinfosec] WEBCAST: Tweets, Beats, and Sheets: C2 over Social Media
- 2018.03 [infosecinstitute] Threat Hunting – Command and Control Center - OFFICE WORK
- 2018.02 [woj] Command and control server in social media (Twitter, Instagram, Youtube + Telegram)
- 2018.02 [xorl] Multi-stage C&C and Red Teams
- 2018.01 [woj] OSINT : Chasing Malware + C&C Servers
- 2018.01 [pentestlab] Command and Control – JavaScript
- 2018.01 [f5] Mirai is Attacking Again, So We’re Outing its Hilarious, Explicit C&C Hostnames
- 2018.01 [pentestlab] Command and Control – Web Interface
- 2018.01 [pentestlab] Command and Control – Images
- 2017.12 [invokethreat] Thoughts on C2 Designs and Tradecraft
- 2017.12 [benkowlab] Another normal day in cybercrime: from a random Loki sample to 550 C&C
- 2017.12 [obscuritylabs] Docker Your Command & Control (C2)
- 2017.12 [4hou] C&C attacks under the guise of trusted online services
- 2017.12 [MSbluehat] BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-Control Traffic
- 2017.11 [virusbulletin] VB2017 paper: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server
- 2017.11 [pentestlab] Command and Control – WMI
- 2017.11 [pentestlab] Command and Control – Website
- 2017.11 [malwaretech] How to identify the C&C infrastructure of the Emotet bot
- 2017.11 [virusbulletin] VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel
- 2017.11 [thevivi] Securing your Empire C2 with Apache mod_rewrite
- 2017.10 [hackersgrid] Introduction to trevorc2
- 2017.10 [trustedsec] TrevorC2 – Legitimate Covert C2 over Browser Emulation
- 2017.10 [Cooper] Hack.lu 2017 Digital Vengeance: Exploiting Notorious C&C Toolkits by Waylon Grange
- 2017.10 [4hou] A system-control backdoor that uses FTP as its C&C channel
- 2017.10 [trendmicro] SYSCON, malware that uses an FTP server for C&C
- 2017.10 [pentestlab] Command and Control – HTTPS
- 2017.10 [pentestlab] Command and Control – Kernel
- 2017.09 [virusbulletin] VB2017 preview: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server
- 2017.09 [venus] New Android banking trojan "MoqHao" uses social networks to hide its C&C server
- 2017.09 [talosintelligence] CCleaner Command and Control Causes Concern
- 2017.09 [pentestlab] Command and Control – Website Keyword
- 2017.09 [tevora] SecSmash: Leveraging Enterprise Tools for command execution, lateral movement and C2
- 2017.09 [blackhillsinfosec] Let’s Go Hunting! How to Hunt Command & Control Channels Using Bro IDS and RITA
- 2017.09 [pentestlab] Command and Control – WebDAV
- 2017.09 [pentestlab] Command and Control – Windows COM
- 2017.08 [bluescreenofjeff] Randomized Malleable C2 Profiles Made Easy
- 2017.08 [n0where] Proxy Aware PowerShell C2 Framework: PoshC2
- 2017.08 [riskanalytics] Andromeda command-and-control on SourceForge
- 2017.08 [pentestlab] Command and Control – PowerShell
- 2017.08 [themiddleblue] CloudFlare Domain Fronting: an easy way to reach (and hide) a malware C&C
- 2017.08 [trendmicro] Hackers Leverage Chat for Command&Control: How You Can Protect Your Business
- 2017.07 [blackhillsinfosec] How to Build a C2 Infrastructure with Digital Ocean – Part 1
- 2017.07 [NorthSec] Dimitry Snezhkov - Abusing Webhooks for Command and Control
- 2017.07 [xpnsec] Industroyer C2 Communication
- 2017.06 [mcafee] How a Hacking Group Used Britney Spears’ Instagram to Operate a Command and Control Server
- 2017.06 [cybersins] Jump Air-gap, Low Level C&C
- 2017.06 [trendmicro] Victim Machine has joined #general: Using Third-Party APIs as C&C Infrastructure
- 2017.05 [4hou] New botnet Rakos: turns compromised devices into C&C controllers, tens of thousands already infected
- 2017.05 [threatexpress] Empire: modifying the server's C2Indicators
- 2017.05 [m] New Shodan Tool Can Find Malware Command and Control (C&C) Servers
- 2017.04 [freebuf] Exploring the idea of building command and control (C&C) and data exfiltration channels over a corporate mail system
- 2017.04 [cybersyndicates] Expand Your Horizon Red Team – Modern SaaS C2
- 2017.04 [blackhillsinfosec] WEBCAST: Two Covert C2 Channels
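- 2017.04 [securityartwork] Using corporate webmail as the C&C for hosts on the internal network, and to retrieve data, where the internet can only be reached through a corporate proxy server that is strictly configured and monitored.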
- 2017.04 [chokepoint] Hunting Red Team Meterpreter C2 Infrastructure
- 2017.04 [krypt3ia] OpISIS C2’s and Malware?
- 2017.04 [krypt3ia] Trump Hotels Dot Com: Malware C2 In 2014
- 2017.03 [360] ChChes – malware that communicates with C&C servers using Cookie headers
- 2017.03 [malwarebytes] CryptoBlock ransomware and its C2
- 2017.03 [pediy] [Translation] Multiple vulnerabilities in TP-Link C2 and C20i
- 2017.03 [cobbr] ObfuscatedEmpire - Use an obfuscated, in-memory PowerShell C2 channel to evade AV signatures
- 2017.02 [jpcert] ChChes – Malware that Communicates with C&C Servers Using Cookie Headers
- 2017.02 [wordfence] WordPress Used as Command and Control Server in 2016 Election Hack
- 2017.02 [pierrekim] TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules
- 2017.02 [arbornetworks] UC&C: Stay Connected with Service Assurance
- 2017.01 [securityartwork] Simple domain fronting PoC with GAE C2 server
- 2017.01 [HackersOnBoard] DEF CON 24 - Malware Command and Control Channels - A journey into darkness
- 2016.12 [DemmSec] PoshC2 - A fully powershell command and control server
- 2016.11 [myonlinesecurity] Locky changed to use .aesir file extension and changed C2 format
- 2016.11 [n0where] osquery Command And Control: Kolide
- 2016.10 [securelist] Inside the Gootkit C&C server
- 2016.10 [broadanalysis] Rig Exploit Kit via EITEST delivers Crypt2 ransomware C2 5.39.93.43
- 2016.10 [freebuf] A new trick for hiding the C&C server address: see how this malware does it
- 2016.09 [freebuf] Covert communication and jump hosts? What a C&C server really is
- 2016.09 [laanwj] A few notes on SECONDDATE's C&C protocol
- 2016.09 [laanwj] BLATSTING C&C transcript
- 2016.09 [360] New Elknot/Billgates Variant with XOR like C2 Configuration Encryption Scheme
- 2016.08 [contextis] Using SMB named pipes as a C2 channel
- 2016.08 [endgame] Instegogram: Leveraging Instagram for C2 via Image Steganography
- 2016.08 [fidelissecurity] Vawtrak C2 – Pin it
- 2016.08 [harmj0y] Command and Control Using Active Directory
- 2016.08 [broadanalysis] New C2 – Neutrino Exploit Kit via pseudoDarkleech HOPTO.ORG gate delivers CrypMic Ransomware
- 2016.08 [CodeColoristX] Using an image blog for C&C configuration
- 2016.07 [broadanalysis] Neutrino Exploit Kit via pseudoDarkleech delivers CryptXXX Ransomware – NEW C2
- 2016.07 [cerbero] Extracting C&C from Android Malware
- 2016.07 [blackhillsinfosec] How to Build a 404 page not found C2
- 2016.07 [pentestn00b] PoshC2 – Powershell C2
- 2016.07 [hackwhackandsmack] PoshC2 – Powershell C2
- 2016.05 [rtl] Using the Airspy on an Odroid C2
- 2016.05 [sec] 烽火台 threat intelligence subscription 0529: C2-feed
- 2016.05 [trustlook] Fake Adobe Flash App Evades Most Anti Virus Detection, Manipulates Phone by Command & Control Server in Latvia
- 2016.04 [broadanalysis] Angler EK sends Bedep, TelsaCrypt – NEW C2’s
- 2016.04 [akamai] Akamai's State of the Art Command and Control Center for OTT Broadcasters
- 2016.04 [broadanalysis] Angler Flash Exploit Infection Chain – New C&C
- 2016.03 [broadanalysis] Angler EK – TeslaCrypt – NEW C2 URI Structure “binarystings.php”
- 2016.03 [malwarenailed] Weaponized Container exploiting MS Office Vulnerability CVE 2012-0158 - Communicating to Dridex C2 Infra
- 2016.03 [broadanalysis] Angler EK sends TeslaCrypt – New C2 – New Ransom note pattern
- 2016.03 [dafthack] Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show True Risk
- 2016.03 [robert] Block Ransomware botnet C&C traffic with a Mikrotik router
- 2016.02 [arbornetworks] Embracing Modern UC&C: A Holistic Approach
- 2015.12 [blackhillsinfosec] Can we C2? Yes we can!
- 2015.11 [breakpoint] Detecting and Understanding Emdivi HTTP C2
- 2015.11 [alienvault] Command and Control Server Detection: Methods & Best Practices
- 2015.11 [f] Paper: C&C-As-A-Service
- 2015.11 [] The contest with the cybercrime underground: a survey of C&C service design and detection methods
- 2015.11 [checkpoint] Offline Ransomware Encrypts Your Data without C&C Comms
- 2015.11 [angelalonso] Reversing the SMS C&C protocol of Emmental - 2nd part
- 2015.11 [angelalonso] Reversing the SMS C&C protocol of Emmental (1st part - understanding the code)
- 2015.11 [vanimpe] Hunting for Dridex C2 info
- 2015.10 [portcullis] Locating SAT based C&Cs
- 2015.09 [trendmicro] How Command and Control Servers Remain Resilient
- 2015.09 [securelist] Satellite Turla: APT Command and Control in the Sky
- 2015.09 [samvartaka] Crypto-trouble in Poison Ivy's C2 protocol
- 2015.09 [trendmicro] Attackers Target Organizations in Japan; Transform Local Sites into C&C Servers for EMDIVI Backdoor
- 2015.07 [trendmicro] Pawn Storm C&C Redirects to Trend Micro IP Address
- 2015.06 [virusbulletin] Vawtrak uses Tor2Web to connect to Tor hidden C&C servers
- 2015.05 [sans] Possible Wordpress Botnet C&C: errorcontent.com
- 2015.05 [trendmicro] Joke or Blunder: Carbanak C&C Leads to Russia Federal Security Service
- 2015.05 [trendmicro] Steganography and Malware: Concealing Code and C&C Traffic
- 2015.03 [secureallthethings] Yet Another Reason for HTTPS Everywhere: Internet Node Based Malware Command and Control Channels
- 2015.03 [trendmicro] Investigating and Detecting Command and Control Servers
- 2015.02 [zeltser] When Bots Use Social Media for Command and Control
- 2014.12 [malwaretech] Phase Bot – Exploiting C&C Panel
- 2014.12 [trendmicro] Banking Trojan Targets South Korean Banks; Uses Pinterest as C&C Channel
- 2014.11 [weebly] malware uses multiple web servers to have a periodic http C&C connection while its netflows are not periodic
- 2014.09 [trendmicro] Shellshock Updates: BASHLITE C&Cs Seen, Shellshock Exploit Attempts in Brazil
- 2014.08 [crysys] The Epic Turla Operation: Information on Command and Control Server infrastructure
- 2014.08 [weebly] Malware started to randomize the request times in relation with their C&C channels
- 2014.08 [arxiv] [1408.1136] Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
- 2014.07 [harmj0y] A Brave New World: Malleable C2
- 2014.07 [zairon] Android Koler trojan: C&C part
- 2014.04 [macnica] Network Indicators of C2 / Cheat Sheet for Discovering Signs of C2
- 2014.03 [sans] The Importance of Command and Control Analysis for Incident Response
- 2014.03 [webroot] A peek inside a modular, Tor C&C enabled, Bitcoin mining malware bot
- 2014.03 [microsoft] Sefnit’s Tor botnet C&C details
- 2014.01 [enigma0x3] Command and Control using Powershell and your favorite website
- 2013.12 [websec] Drive By ONT Botnet with IRC C&C
- 2013.10 [publicintelligence] U.S. Army Cyber Command and Control Facility Environmental Assessment
- 2013.09 [virusbulletin] Malware spoofing HTTP Host header to hide C&C communication
- 2013.07 [webroot] Cybercriminals experiment with Tor-based C&C, ring-3-rootkit empowered, SPDY form grabbing malware bot
- 2013.06 [crowdstrike] Rare Glimpse into a Real-Life Command-and-Control Server
- 2013.05 [cylance] C2 Malware Targets Battle.Net Accounts
- 2013.05 [dontneedcoffee] Inside RDPxTerm (panel 5.1 - bot 4.4.2) aka Neshta C&C - Botnet control panel
- 2013.03 [trendmicro] Backdoor Uses Evernote as Command-and-Control Server
- 2013.02 [cyberarms] Iranian Military C&C Allegedly Hacked and Launched Rockets at Tehran
- 2013.02 [dontneedcoffee] Inside Multi-Botnet ver.4 c&c Panel
- 2013.01 [welivesecurity] Walking through Win32/Jabberbot.A instant messaging C&C
- 2012.12 [talosintelligence] Triggering Miniflame's C&C Communication to Create a Pcap
- 2012.12 [talosintelligence] Quarian: Reversing the C&C Protocol
- 2012.09 [securelist] Full Analysis of Flame’s Command & Control servers
- 2012.08 [talosintelligence] SMSZombie: A New Twist on C&C
- 2012.08 [dontneedcoffee] Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel
- 2012.07 [dontneedcoffee] Inside Citadel 1.3.4.5 C&C & Builder - Botnet Control Panel
- 2012.07 [virusbulletin] Grum botnet's command-and-control servers shut down
- 2012.07 [hackingarticles] Hack Windows 7 PC with Poison Ivy 2.3.2 C&C Server Buffer Overflow
- 2012.06 [dontneedcoffee] Inside Pony 1.7 / Fareit C&C - Botnet Control Panel
- 2012.06 [trendmicro] Library File in Certain Android Apps Connects to C&C Servers
- 2012.06 [securelist] The Roof Is on Fire: Tackling Flame’s C&C Servers
- 2012.04 [publicintelligence] (U//FOUO) U.S. Army Small Unmanned Aerial Vehicle (SUAV) Airspace Command and Control (A2C2) Handbook
- 2012.03 [shadowserver] Of House Cleaning and Botnet C&C’s
- 2012.02 [virusbulletin] New Zeus/SpyEye botnet does away with command-and-control servers
- 2011.11 [securelist] The Mystery of Duqu: Part Six (The Command and Control servers)
- 2011.10 [trendmicro] Android Malware Uses Blog Posts as C&C
- 2011.09 [forcepoint] Websense Labs Video: Speaking in Tongues: Malware C&C Encryption
- 2011.07 [talosintelligence] Binary C&C Over HTTP
- 2011.06 [virusbulletin] DroidKungFu command and control server may be mobile device
- 2011.03 [trendmicro] Trend Micro Sinkholes and Eliminates a ZeuS Botnet C&C
- 2010.09 [publicintelligence] (U//FOUO) Joint Battle Management Command and Control (JBMC2) Roadmap Version 1.0
- 2010.09 [publicintelligence] (U//FOUO) Joint Battle Management Command and Control Roadmap 2003 Draft
- 2010.09 [trendmicro] Uncovered SpyEye C&C Server Targets Polish Users
- 2010.03 [securelist] Active Koobface C&C servers hit a record high – 200+ and counting
- 2010.03 [securelist] Koobface C&C servers steadily dropping – new spike coming soon?
- 2006.11 [sans] Bot C&C Servers on Port 80
- 2004.01 [daringfireball] Command and Control
Remote Control
Tools
Recently Added
- [1615 stars][9d] [Py] zerosum0x0/koadic A post-exploitation rootkit similar to Meterpreter and Powershell Empire; the difference is that most of its operations are performed by Windows Script Host JScript/VBScript
- [1473 stars][3y] [Py] nathanlopez/stitch A cross-platform remote control framework that can build custom payloads for Windows, Mac OSX and Linux
- [789 stars][4m] [Py] kevthehermit/ratdecoders Python Decoders for Common Remote Access Trojans
- [764 stars][7d] [C] rdesktop/rdesktop rdesktop is an open source UNIX client for connecting to Windows Remote Desktop Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user's Windows desktop. rdesktop is known to work with Windows server version ranging from NT 4 terminal server to Windows 2012 R2.
- [706 stars][1y] [PS] arvanaghi/sessiongopher Uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla and Microsoft Remote Desktop. Written in PowerShell
- [538 stars][10d] [JS] mr-un1k0d3r/thundershell A C# RAT that communicates via HTTP requests
- [392 stars][5m] [C++] werkamsus/lilith An ultra-lightweight, console-based RAT written in C++
- [297 stars][2y] [Py] 0xislamtaha/python-rootkit A Python remote control tool used to obtain a Meterpreter session
- [238 stars][6d] [C#] b4rtik/redpeanut RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.
- [222 stars][9d] [C++] xdnice/pcshare Remote control software that can monitor the target machine's screen, registry, file system and more.
- [214 stars][2y] [C#] them4hd1/vayne-rat A free and open-source remote administration tool coded in C#.
- [205 stars][2y] [C++] ahxr/ghost a light RAT that gives the server/attacker full remote access to the user's command-line interprete
- [201 stars][10d] [Py] pure-l0g1c/loki Remote access tool that uses RSA-2048 + AES-256 to secure its communications
- [195 stars][3m] [PHP] 0blio/caesar An HTTP-based RAT that controls devices remotely from the browser
- [175 stars][4y] [C#] alphadelta/secure-desktop Anti-keylogger/anti-rat application for Windows
- [172 stars][3y] [C++] hussein-aitlahcen/blackhole C# RAT (Remote Administration Tool)
- [157 stars][10d] [Visual Basic] mwsrc/plasmarat Remote Access Trojan(RAT), Miner, DDoS
- [140 stars][1m] [Py] anhkgg/pyrat An open-source remote control project built on Python XmlRPC, including a client and a server (also called the controller, hereafter referred to as the server)
- [136 stars][25d] [C++] earthquake/universaldvc Universal Dynamic Virtual Channel connector for Remote Desktop Services
- [129 stars][2y] [Py] dviros/rat-via-telegram Uses Telegram to control compromised Windows hosts
- [115 stars][4y] [C#] leurak/trollrat A remote administration tool (RAT) that takes a different approach from other RATs: it does no data theft and exists only for trolling
- [98 stars][4m] [JS] securityrat/securityrat OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
- [95 stars][7y] [C#] ilikenwf/darkagent DarkAgent Remote Administration Tool RAT by DragonHunter
- [95 stars][2y] [Pascal] senjaxus/allakore_remote A remote control tool written in Delphi Seattle
- [80 stars][4y] [C++] rwhitcroft/dnschan A remote access trojan that communicates over DNS
- [77 stars][4y] [Py] ahhh/reverse_https_bot A python based https remote access trojan for penetration testing
- [66 stars][11d] [Visual Basic] thesph1nx/rt-101 VB.net Remote Administrator Tool (RAT)
- [65 stars][7m] sh1n0g1/shinobot RAT / Botnet Simulator for pentest / education
- [61 stars][28d] [Visual Basic] thesph1nx/slickermaster-rev4 NSA Hacking Tool Recreation UnitedRake
- [61 stars][2m] [C#] nyan-x-cat/mass-rat Basic Multiplatform Remote Administration Tool - Xamarin
- [58 stars][3y] [PS] killswitch-gui/persistence-survivability Powershell Persistence Locator
- [57 stars][3y] [Py] m4sc3r4n0/spyrat Python Remote Access Trojan
- [55 stars][4y] [Py] ahhh/ntp_trojan Reverse NTP remote access trojan in python, for penetration testers
- [53 stars][8d] [Java] blackhacker511/blackrat A remote control tool written in Java
- [52 stars][12d] [Py] technowlogy-pushpender/technowhorse TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.
- [50 stars][11d] [C#] brunull/pace A Remote Access Tool for Windows.
- [46 stars][1m] [Pascal] 0x48piraj/malwarex Collection of killers
- [46 stars][1m] [PHP] davidtavarez/pinky pinky - The PHP mini RAT (Remote Administration Tool)
- [46 stars][20d] [Shell] infosecn1nja/ycsm This is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).
- [46 stars][18d] [Java] m301/rdroid [Android RAT] Remotely manage your android phone using PHP Interface
- [46 stars][2y] pentestpartners/ptp-rat Exfiltrate data over screen interfaces
- [44 stars][2y] [Shell] taherio/redi Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)
- [41 stars][3y] [C] killswitch-gui/hotload-driver C++
- [40 stars][5y] [C++] lingerhk/0net A simple Windows remote control backdoor
- [40 stars][3y] [Visual Basic .NET] mwsrc/betterrat Better Remote Access Trojan
- [39 stars][1m] [Shell] samyk/easel-driver Easel driver for Linux (and Mac/Windows) + remote access to CNC controller
- [37 stars][11d] [PS] 5alt/zerorat ZeroRAT is a one-liner remote control tool for Windows
- [36 stars][5m] [C#] blackvikingpro/aresskit Next Generation Remote Administration Tool (RAT)
- [35 stars][3y] ritiek/rat-via-telegram Removed according to regulations
- [29 stars][1m] [Py] the404hacking/windows-python-rat A New Microsoft Windows Remote Administrator Tool [RAT] with Python by Sir.4m1R.
- [26 stars][2y] [Py] thegeekht/loki.rat Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording, lockscreen, and locate options. Loki.Rat is a Python Remote Access Tool.
- [25 stars][9m] [D] alexa-d/alexa-openwebif alexa skill to control your openwebif device
- [24 stars][2y] [Py] rootm0s/casper 👻 Socket based RAT for Windows with evasion techniques and other features for control
- [22 stars][16d] [C#] rainkin1993/remote-access-trojan-database A database of RAT collected from Internet
- [21 stars][11d] [Py] kaiiyer/backnet Backdoor+Botnet or BackNet is a Python Remote Access Tool.
- [19 stars][7d] [Py] lithium95/controll_remote_access_trojan Created a VERY SIMPLE remote access Trojan that will establish administrative control over any windows machine it compromises.
- [18 stars][10m] [PHP] eddiejibson/limitrr-php Better PHP rate limiting using Redis.
- [18 stars][3y] [Py] landonpowell/orwell-rat-and-botnet Orwell is a RAT and Botnet designed as a trio of programs by Landon Powell.
- [17 stars][17d] [YARA] deadbits/yara-rules Collection of YARA signatures from individual research
- [17 stars][2m] [PHP] rizer0/rat-hunter detect trojans by easy way
- [14 stars][3y] [Java] mhelwig/adwind-decryptor Simple decrypter for Java AdWind, jRAT, jBifrost trojan
- [14 stars][2y] [Py] mitre/caldera-agent
- [14 stars][1y] shifa123/maarc A Python - Remote Administration Tool (RAT)
- [12 stars][2y] [JS] node-rat/noderat NodeRat is remote access tool made with NodeJS and python
- [11 stars][3y] [Pascal] mwsrc/schwarze-sonne-rat SS-RAT (Schwarze-Sonne-Remote-Access-Trojan)
- [10 stars][7m] [Go] alanbaumgartner/aurora Aurora Remote Administration Tool
- [10 stars][12m] [Py] user696/mrrat
- [9 stars][2y] [Py] cisco-talos/remcos-decoder Talos Decryptor POC for Remcos RAT version 2.0.5 and earlier
- [9 stars][8d] [Py] federicochieregato/darkfox Remote access trojan created using WinRar with firefox installer and python Reverse Shell embedded.
- [8 stars][2y] thejollysin/i-wish-i-were-at-defcon-25-hack-a-thon My own "I wish I were at DefCon 25" Hack-a-Thon
- [8 stars][4y] [C++] xyl2k/black-eye-rsa-attacking-toolkit-v0.1f-compiled The great RSA Attacking Toolkit compiled for Windows
- [7 stars][2y] [C#] advancedhacker101/android-c-sharp-rat-server This is a plugin for the c# R.A.T server providing extension to android based phone systems
- [7 stars][6m] [Py] e-rror/hiroo
- [7 stars][2y] [C#] mitre/caldera-crater
- [7 stars][1y] [JS] roccomuso/netrat Damn easy multiplatform Node.js RAT generator.
- [7 stars][2y] [Py] lukebob-zz/c2-pwn Uses Shodan API to pull down C2 servers to run known exploits on them.
- [6 stars][18d] [Py] apacketofsweets/apollo A simple, lightweight Remote Access Tool written in Python
- [6 stars][1y] [Py] z4rk/winshell Python opensource RAT/Botnet
- [6 stars][4y] [Visual Basic .NET] gaiththewolf/d-rat_vb.net_mysql_php D-RAT [VB.NET]+[MySQL]+[PHP]
- [6 stars][7d] [PHP] katsana/remote-control Grant remote access to user account without sharing credentials
- [5 stars][8m] [Go] alepacheco/client Windows, OS X and linux RAT client
- [5 stars][17d] [C++] melardev/xeytanwin32-rat WORK IN PROGRESS. RAT written in C++ using Win32 API
- [4 stars][16d] [C++] izanbf1803/rat-cpp-prototype A simple RAT.
- [4 stars][3m] [C++] melardev/xeytanwxcpp-rat Work in Progress. RAT written in C++ using wxWidgets
- [3 stars][2y] [Py] bedazzlinghex/memory-analysis Contains tools to perform malware and forensic analysis in Memory
- [3 stars][1m] [Kotlin] eskatos/creadur-rat-gradle Apache RAT (Release Audit Tool) Gradle Plugin
- [3 stars][1m] [Py] gbrn1/pirate Python Remote Access Tool
- [2 stars][4y] [Py] dakotanelson/multicat PoC RAT using the sneaky-creeper data exfiltration library
- [2 stars][4y] [Visual Basic .NET] retrobyte/shadowtech-rat An example of a remote administration tool.
- [None stars] socprime/sobaken-rat-detector
Windows
- [610 stars][1y] [PS] fortynorthsecurity/wmimplant This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
- [518 stars][8m] [Visual Basic .NET] nyan-x-cat/lime-rat LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
- [493 stars][6m] [Py] viralmaniar/powershell-rat Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
- [360 stars][8d] [C#] nyan-x-cat/asyncrat-c-sharp Open-Source Remote Administration Tool For Windows C# (RAT)
- [340 stars][3y] [Pascal] malwares/remote-access-trojan Windows Remote-Access-Trojan
- [229 stars][4y] [Py] hood3drob1n/jsrat-py This is my implementation of JSRat.ps1 in Python so you can now run the attack server from any OS instead of being limited to a Windows OS with Powershell enabled.
- [149 stars][4m] [Py] safebreach-labs/sireprat Remote Command Execution as SYSTEM on Windows IoT Core
- [119 stars][11d] [C#] dannythesloth/vanillarat VanillaRat is an advanced remote administration tool completely coded in C# for Windows.
- [117 stars][8d] [Py] thelinuxchoice/pyrat Windows RAT
- [106 stars][9m] [C#] r-smith/splice-admin A remote Windows administration tool. You know you want it.
- [104 stars][2y] [Py] syss-research/outis a custom Remote Administration Tool (RAT) or something like that. It was built to support various transport methods (like DNS) and platforms (like Powershell).
- [70 stars][3m] [PS] dsccommunity/certificatedsc DSC resources to simplify administration of certificates on a Windows Server.
- [67 stars][4y] [C#] stphivos/rat-shell Windows Remote Access Trojan (RAT)
- [39 stars][2m] [Py] swordf1sh/moderat Experimental Windows Remote Administration and Spy Tool in Python + GUI
- [20 stars][1y] [Visual Basic] nyan-x-cat/asyncrat Remote Administration Tool For Windows
- [17 stars][6m] [Py] operatorequals/smbrat A Windows Remote Administration Tool in Visual Basic with UNC paths
- [16 stars][6m] [PS] yschgroup/skyrat SkyRAT - Powershell Remote Administration Tool
Linux
- [131 stars][8m] [C] abhishekkr/n00brat Remote administration toolkit (or Trojan) for POSIX (Linux / Unix) systems, running as a web service
- [68 stars][10m] [JS] webxscan/linux_rat Linux cluster control (Linux reverse-connection RAT)
- [51 stars][15d] [C] thibault-69/rat-hodin-v2.9 Remote Administration Tool for Linux
- [20 stars][2m] [C] lillypad/swamp-rat A Linux RAT in C
- [7 stars][5m] [C] ctsecurity/stealth-kid-rat Stealth Kid RAT (SKR) is an open source Linux remote administration tool written in C. Licensed under MIT. The SKR project is fully developed and tested on Debian GNU-Linux (Deb 9.3 "Stretch") platform. The RAT will soon be available on Windows platform by mid 2018.
Apple
- [430 stars][9d] [ObjC] sap/macos-enterprise-privileges For Mac users in an Enterprise environment this app ensures secure environment and yet gives the User control over administration of their machine by elevating their level of access to Administrator privilege on macOS X. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
- [75 stars][4y] [Pascal] xlinshan/coldroot Mac OS Trojan (RAT) made with love <3
- [74 stars][1y] [Py] kdaoudieh/bella Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS.
- [21 stars][2m] [Py] cys3c/evilosx A pure python, post-exploitation, remote administration tool (RAT) for macOS / OS X.
Android
Articles
Contributing
This content is exported automatically by the system; if you have any problems, please open an issue.