RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Team, AV and EDR Checks

RedGuard is a derivative tool based on command and control (C2) front flow control technology. It has a lighter design, efficient traffic interaction, and reliable compatibility with development in the Go programming language. As cyber attacks constantly evolve and red and blue team exercises become progressively more complex, RedGuard is designed to provide a better C2 channel hiding solution for the red team: it provides flow control for the C2 channel, blocks "malicious" analysis traffic, and helps complete the entire attack task.
RedGuard is a C2 front flow control tool that can avoid detection by blue teams, AVs, EDRs and cyberspace search engines.
When is RedGuard Used?
- In offensive and defensive exercises, when investigators attempting cyber attribution analyze the C2 traffic connected to the attackers with a situational awareness platform
- Prevent malware sample analysis by identifying cloud sandboxes based on JA3 fingerprint libraries
- Block malicious requests that perform replay attacks, and achieve obfuscation online
- Restrict access requests by whitelisting when the IP of the connecting server is specified
- Prevent the scanning and identification of C2 infrastructure by cyberspace mapping technology, and redirect or intercept the traffic of scanning probes
- Support front flow control for multiple C2 servers, with domain fronting and load-balanced connections to achieve a hiding effect
- Restrict host connections by region according to the attribution of the IP address, by querying an IP reverse lookup API
- Resolve the strong signature of staged checksum8 rule path parsing without changing the source code
- Analyze blue team traceability behavior through the interception logs of target requests, which can be used to track peer connection events and issues
- Customize the time period during which samples may legitimately interact, so that traffic interaction only takes place during working hours
- Malleable C2 Profile parser capable of validating inbound HTTP/S requests strictly against the malleable profile and dropping outgoing packets in case of violation (supports Malleable Profiles 4.0+)
- Built-in blacklist of IPv4 addresses for a large number of devices, honeypots, and cloud sandboxes associated with cybersecurity vendors, to automatically intercept and redirect request traffic
- SSL certificate information and redirect URLs that can interact with samples through custom tools, to avoid the fixed signature of tool traffic
- ...