Brute Ratel C4 Blogs

Keep yourself updated with the latest tactics and techniques using Brute Ratel C4.

Add Post

  • Release v2.3 - Flux

    Release October 07, 2025

    Brute Ratel v2.3 (codename Flux) is now available for download. A key focus of this release was complete redevelopment of the Badger implant using a custom-built compiler, designed to improve operational security (OpSec) and significantly reduce its memory footprint. During development, I noticed several limitations in the existing MinGW and Clang toolchains, particularly in how they handle certain memory regions and stack layouts. To address these issues, the MinGW/Clang compiler provided limited support, as ideally, these are not options that a general developer would ideally want to mess with. But the built-in optimizations were a tad bit problematic when dealing with my stealth requirements. Thus, I ended up creating a tailored variant, capable of optimizing the Badger’s compilation process to meet the required stealth requirements. As a result, the size of the full Badger implant has been reduced by 30% in this release, with further reductions expected to reach around 60% in the next iteration — all while retaining the full feature set.

    Read More

  • Release v2.2 - Rinnegan

    Release May 15, 2025

    Read More

  • Exception Junction - Where All Exceptions Meet Their Handler

    Research October 20, 2024

    This blog is in relation to some of the hurdles I’ve met while debugging and researching various new features for Brute Ratel. Before we get started, let me inform you that this blog is not for beginners. It requires some knowledge about Windows internals, exception handlers, and getting your hands dirty with a debugger, preferably x64dbg. And to add to that, there’s limited to near zero information on the web related to this topic, thus I spent the last 24 hours researching and writing this from scratch while being high on caffeine.

    Read More

  • Release v2.0 - Everything Everywhere All At Once

    Release June 27, 2024

    Brute Ratel v2.0 [codename Metamorphosis] is now available for download. This release introduces significant changes compared to previous versions, so it’s strongly recommended to review this blog, the private videos, and the documentation before using it. The Badger component has undergone extensive rewrites, featuring major updates in evasion tactics and new functionalities. The server has been optimized for speed and efficiency, with significant improvements to the licensing algorithm, ensuring each license is linked to a specific host to prevent misuse. However, the license can still be transfered from one host to another while deactivating the previous one. Additionally, several minor updates have been made to the Commander, which operators will notice during operation.

    Read More

  • Release v1.9 - Eclipse

    Release March 07, 2024

    Brute Ratel v1.9 [codename Eclipse] is now available for download. This update includes enhancements in evasion techniques, anti-debugging measures, and new encryption keying methods for the core, along with an update to the licensing algorithm. Please note that the Ratel server, Commander, and previous versions of badgers are not compatible with v1.8 or older releases due to significant changes in the core architecture.

    Read More

  • Release v1.8 - Mirage - Evading Every EDR On The Planet Part 2

    Release December 19, 2023

    Brute Ratel v1.8 [codename Mirage] is now available for download. This release provides a heavy update towards evasion and other feature requests by the community. Customers using v1.7 release should note that the Badgers of v1.7 will not support v1.8. Do not upgrade to this release if you are in an active engagement. Release notes have been disabled from here on out as we’ve noticed that it helps various security solutions to build detection capabilities on them. All blog updates/documentation will only contain minimalistic information on the internals starting from this release. Customers wanting further information can reach out to us on the dedicated email or discord support channel.

    Read More

  • Release v1.7 - Pandemonium

    Release July 27, 2023

    Brute Ratel v1.7 [codename Pandemonium] is now available for download. This release is an entire overhaul of the Badger, Ratel Server and Commander to provide support for Yara evasions and Apple Silicon. Customers using v1.6 release should note that the Badger, Ratel server and Commander of v1.6 will not support v1.7. Do not upgrade to this release if you are in an active engagement. Operators should read this blog or the release notes section to understand the changes before upgrading. A quick summary of changes can be found in the release notes.

    Read More

  • Release v1.6 - Reboot

    Release May 30, 2023

    Brute Ratel v1.6 codename Reboot is now available for download. This release brings in several updates to existing evasion techniques, support for Windows Commander, Hi-DPI scaling and various heavy user experience updates (QOL) requested by the BRc4 community. A quick summary of the changes can be found in the release notes.

    Read More

  • Release v1.5 (Nightmare) - Ghosts From The Past

    Release March 19, 2023

    Brute Ratel v1.5 codename Nightmare is now available for download. This release brings in new evasion techniques and user experience updates (QOL) requested by the BRc4 community. A quick summary of the changes can be found in the release notes. This release also brings several changes to the licensing server which now provides support for backward compatibility. More on this at the end of the blog.

    Read More

  • Release v1.4 (Blitzkrieg) - Reflection In a Nut Shell

    Release January 04, 2023

    Brute Ratel v1.4 codename Blitzkrieg is now available for download. This release brings in a few new features, updates to EtwTI evasion techniques, and user experience (QOL) requested by the BRc4 community. A quick summary of the changes can be found in the release notes.

    Read More