It uses a range of methods to evade EDR and AV while allowing the operator to continue using tooling and tradecraft they are familiar with. Its powered by Python 3.8 and C, and uses Donut for payload generation. By using Donut along with the process injection capabilities of SHAD0W, it provides the operator the ability to execute .NET assemblies, DLLs, EXEs, JS, VBS or XSLs fully inside the memory. Dynamically resolved syscalls are heavily used to avoid userland API hooking, anti-DLL injection to make it harder for EDR to load code into the beacons, and official Microsoft mitigation methods to protect spawn processes. Runs fully inside of Docker allowing cross-platform usage. SHAD0W is a modular C2 framework designed to successfully operate on mature environments. All traffic between beacons and the C2 are encrypted and transmitted over HTTPS.

Features

  • Built for Docker
  • Extremely modular
  • HTTPS C2 communication
  • JSON based protocol
  • Live proxy and mirror
  • Modern CLI

Project Samples

SHAD0W Screenshot 1

Project Activity

See All Activity >

Categories

Frameworks, Post-Exploitation Frameworks

License

MIT License

Follow SHAD0W

SHAD0W Web Site

Other Useful Business Software
Stay in Flow. Let Zenflow Handle the Heavy Lifting. Icon
Stay in Flow. Let Zenflow Handle the Heavy Lifting.

Your AI engineering control center. Zenflow turns specs into shipped features using parallel agents and multi-repo intelligence.

Zenflow is your engineering control center, turning specs into shipped features. Parallel agents handle coding, testing, and refactoring with real repo context. Multi-agent workflows remove bottlenecks and automate routine work so developers stay focused and in flow.
Try free now
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of SHAD0W!

Additional Project Details

Programming Language

C

Related Categories

C Frameworks, C Post-Exploitation Frameworks

Registered

2022-09-15
Report inappropriate content