feat: multi-platform agents, Discord C2, services & OPSEC hardening#324
Closed
En3nr4 wants to merge 11 commits into
Conversation
Replace weak RC4 stream cipher with AES-256-GCM authenticated encryption across the entire beacon/listener stack:
- Beacon C++: new Crypt.cpp with AES-256-GCM (encrypt returns [IV][CT][Tag], decrypt with authentication) + AES-256-CTR stream for DNS label data
- All connectors updated (HTTP, SMB, TCP, DNS)
- Agent/AgentConfig: 32-byte session keys, AES-GCM encrypted beats
- Go plugins: AES256GCMEncrypt/Decrypt replacing RC4Crypt
- All 4 listeners updated (HTTP, TCP, SMB, DNS)
- DNS listener: AES-CTR stream for control data, AES-GCM for session data
- Key size: 16 bytes (128-bit RC4) → 32 bytes (256-bit AES)
- UI configs: encrypt_key field updated to 64 hex chars
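The [IV][CT][Tag] framing and 64-hex-char key form this commit describes, as an added Go example that is not the project's code: Seal builds the layout with a random 12-byte IV, and Open refuses any message whose GCM tag no longer verifies, which is the integrity property an unauthenticated RC4 stream lacks. The key value and the function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"io"
)

// Constructed 64-hex-char key (32 bytes = AES-256) for this example; not a project value.
const ExampleKeyHex = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
// NewAEAD decodes the 64-hex-char encrypt_key form and returns an AES-256-GCM AEAD.
func NewAEAD(keyHex string) (cipher.AEAD, error) {
	key, err := hex.DecodeString(keyHex)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("encrypt_key must be 64 hex chars (32 bytes): %v", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal produces the [IV][CT][Tag] layout: 12-byte random IV, ciphertext, 16-byte tag.
func Seal(gcm cipher.AEAD, plaintext []byte) ([]byte, error) {
	iv := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	// gcm.Seal appends CT||Tag to dst; passing iv as dst yields IV||CT||Tag.
	return gcm.Seal(iv, iv, plaintext, nil), nil
}
// Open verifies the tag before releasing plaintext; any modified byte is rejected.
func Open(gcm cipher.AEAD, msg []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(msg) < n+gcm.Overhead() {
		return nil, fmt.Errorf("message shorter than IV+Tag (%d bytes)", len(msg))
	}
	return gcm.Open(nil, msg[:n], msg[n:], nil)
}
// TamperDetected flips the last ciphertext byte (just before the tag) and reports
// whether Open rejects the message; an RC4 stream would decrypt it silently.
func TamperDetected(gcm cipher.AEAD, msg []byte) bool {
	bad := append([]byte(nil), msg...)
	bad[len(bad)-gcm.Overhead()-1] ^= 0x01
	_, err := Open(gcm, bad)
	return err != nil
}
```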
Native C agent for macOS ARM64 (Apple Silicon M1/M2/M3/M4):
- Cross-compiled from Linux via osxcross (aarch64-apple-darwin23.5-clang)
- Formats: Mach-O binary, Shellcode ARM64 (XOR-encoded dylib), Go fallback
- 26 commands: fs ops, process mgmt, shell, screenshot, clipboard, persistence, TCC check, EDR detection, keychain, browser dump, download, upload, run, tunnels, terminal, SOCKS proxy
- AES-128-GCM crypto, msgpack wire protocol, TCP connector
- ~100 KB Mach-O, ~120 KB shellcode blob
- Polymorphic ARM64 XOR decoder stub
Discord-based C2 channel using Discord bot API for beacon communication. Provides covert communication over legitimate Discord infrastructure.
ConnectorDiscord.cpp/h: Discord bot API-based C2 connector for the beacon, enabling communication through Discord channels as a covert transport.
Web hosting service for serving payloads, files, and static content through the Adaptix teamserver infrastructure.
Phishing campaign management service with email templates, landing pages, campaign tracking, and click/submit analytics.
Keylogger.cpp/h: Windows keylogging capability using low-level keyboard hooks (SetWindowsHookExA). Captures keystrokes with window context and reports via async job output.
- Per-payload DJB2 seed randomization: each generated payload gets a unique crypto-random seed, generating unique API hash constants (ApiDefines.h) and recompiling all hash-dependent source files
- Module Stomping reflective loader (stub_rdi.x64.asm): replaces the pre-compiled sRDI stub with a full NASM source assembled per-payload with seed-derived hash defines and MODULE_STOMP enabled
- Polymorphic XOR encoder: wraps shellcode payloads with a randomized decoder stub featuring junk instructions and register randomization
- Build pipeline ships beacon source files for per-payload recompilation
- Add Obfuscate.h: compile-time XOR string encryption header
- Add DebugLog.h: debug logging stub (no-op in release builds)
- Add ProfileDiscord struct and BEACON_DISCORD config to AgentConfig.h
- Add user32.dll API hashes to ApiDefines.h (keylogger resolution)
- Add GenerateRandomBytes() utility function
- Add DJB2_SEED default to pre-compilation Makefile flags
- Exclude ConnectorDiscord.o from non-Discord object directories
…ility
- Add new extenders to profile.yaml and go.work for proper loading
- Fix Teamserver interface in linux/macOS agents (TsDownloadAdd int64, add Terminal/TunnelPause methods)
- Wire Discord connector build pipeline (Makefile, config.yaml, ax_config)
- Add module stomping UI controls and stomp_paths.inc generation
- Add keylogger command dispatch in Commander
- Fix 8 missing DJB2 hash constants in pl_hashes.go
- Regenerate go.sum for all new modules
Contributor
Split this large PR into several smaller PRs. A single PR should not contain fixes for several different components.
This was referenced May 23, 2026
Author
Closing this PR and splitting into smaller, component-focused PRs as requested:
Each PR targets a single component and can be reviewed/merged independently.
Author
done
Summary
Major feature contribution adding multi-platform agent support, new C2 channels, operational services, and OPSEC improvements to AdaptixC2.
New Agents
New Listeners & Connectors
New Services
Beacon OPSEC Enhancements
Infrastructure
- profile.yaml, go.work for new modules
- config.yaml, ax_config.axs, Makefile
Test plan
- make server-ext compiles all 13 extenders + server cleanly