For this (late) March V-Day, we’re happy to add in a module that was developed and submitted to us from @byt3bl33d3r! This is a python based beaconing payload. The payload was based off of the original POC from @midnite_runr (available here).
If configured to beacon out for data, the payload will continuously call back to a system of the attacker’s choice every X seconds. Once the beacon receives data (a web server 200 code) from the web server, it will attempt to inject the data into memory and execute it.
To use this payload, you will want to dump the raw shellcode to a file, vs. storing it in a \x1f\xbc… format.
Thanks to @midnite_runr for the original POC and thanks to @byt3bl33d3r for not only writing the module, but working with us to get it ready for release!
One thought on “March V-Day”