Brute Ratel C4 Blogs

Keep yourself updated with the latest tactics and techniques using Brute Ratel C4.

  • Release v0.2 - Big Things Have Small Beginnings

    Release

    Brute Ratel C4 v0.2 (Prometheus) is now available for download and provides a major update to process injection and adversary simulation. Along with this release, we have started providing access to an Active Directory trial lab for testing BRC4's injection and pivoting features in the test environment.

  • Executing Position Independent Shellcode from Object Files in Memory

    Research Feature-update

    Reflective DLL and shellcode injection remain among the most used post-exploitation techniques for threat actors and Red Teamers alike, since execution happens only in memory and nothing has to be dropped to disk. However, most offsec tools use shellcode injection only for initial access or for exploitation of vulnerable services and processes. Reflective DLLs and C# executables, which can be loaded directly into memory, are more often the choice of adversaries for post-exploitation tasks, since writing them is less tedious than writing assembly code, where we have to manage the stack and registers ourselves. However, what if we could write the shellcode in a higher-level language like C? In this blog, we will delve into the dark corners of linkers and compilers to write position-independent code in C and extract its shellcode.