DeimosC2: Golang command and control framework for post-exploitation
DeimosC2
DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods to control machines that have been compromised. The DeimosC2 server and agents work on, and have been tested on, Windows, Darwin, and Linux. It is written entirely in Golang, with a front end written in Vue.js.
DeimosC2 was developed to be flexible enough for others to contribute to, and throughout this guide we will show you how to contribute. Some key benefits and features of Deimos are:
- Customized version of GoObfuscate that works for Windows, Darwin, and Linux
- Modules that communicate over RPC, meaning modules can be written in any language as long as they talk over RPC to the C2 server
- Archiving of logs and the database for historical evidence or backup
- Fully functional UI that allows for easy use of the tool
- WebShells that can be leveraged to control web servers through the C2 without ever dropping an agent (limited on modules)
- And much, much more.
Listener Features
- Each listener has its own RSA public and private key that is leveraged to wrap encrypted agent communications.
- Dynamically generate agents on the fly
- Graphical map of listener and agents that are tied to it
Agent Features
- Agent list page to give a high-level overview
- Agent interaction page containing agent info, the ability to run jobs against an agent, a file browser, loot data, and the ability to add comments
Supported Agents
- TCP
- HTTPS
- DoH (DNS over HTTPS)
- QUIC
- Pivot over TCP
Frontend Features
- Multi-User support with roles of admin and user
- Graphs and visual interaction with listeners and agents
- Password length requirements
- 2FA Authentication using Google MFA
- Websocket API Calls
Download & Use
Copyright (c) 2020 Critical Start Inc., Quentin Rhoads-Herrera, Chase Dardaman, Blaise Brignac