Alan Framework: post-exploitation framework
Alan is a post-exploitation framework aimed at ensuring persistence on the compromised system and making the lateral movement task easier. Its usage is particularly indicated during red-team activities. The framework is composed of a server and an agent that is running on the compromised machine. The agent receives and executes commands from the server.
The Alan framework was developed by considering the limitations of most of the post-exploitation tools available on-line, with the goal of providing an effective alternative. A non-exhaustive list of the key features supported by the Alan Framework is reported below:
- Secure Communication: The communication between the server and the agent is encrypted by using a different encryption key for each generated agent. This prevents the decryption of the network traffic if it is intercepted by a blue team. In other similar products, the key is embedded inside the agent, so the traffic can be decrypted by reversing the client binary. The Alan framework generates the session key on the fly and protects it with a public key, ensuring that the captured traffic cannot be decrypted.
- A powerful remote command-shell: The Alan Framework implements a powerful command shell that allows the operator to navigate and execute commands on the compromised host. In other similar products, the command shell waits for the command to complete before sending the output to the server; this implementation can cause problems with a task that produces a very long output or never terminates. Alan supports asynchronous execution and is able to handle such commands (you can test this feature by running the pause command at the command-shell prompt).
- Low footprint: Alan is implemented with the principle of having a low footprint. The client is only a few KB and can be easily embedded in formats such as PowerShell scripts.