Command Transmission

Brute Ratel uses a custom encryption algorithm between the badgers and the c4 server. This encryption is performed using a random key that the user provides. If a user does not provide an encryption key, the service generates it dynamically. This layer of encryption rests below the SSL layer. If any Network-based EDR or network intrustion detection system like Zeek/BRO tries to sniff the traffic using ssl decryption, the inner layer would still be encrypted and appear garbage to the network intrusion detection system. This encryption key can also be provided inside the C4 profile as shown below.

{
    "comm_enc_key": "WeiJeeWeiCufae2y"
}