
    The description states:  "Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers."

    I wanted to like this and perhaps there's much to like but when I'm looking at these types of frameworks, I'm interested in how it can help me.  There's definitely a red team / blue team component to this and maybe that's where this excels but that's of little interest to me.  

    This is the first time I've run a dot net application on Linux so that was kind of cool. And in general, it's a cool tool but I don't see how it will aid me.

    Upon finishing the install, we hit the UI with a browser and we're asked to set a username and password:





    I can't remember exactly when I had that deja vu feeling but sooner or later, I felt like this framework was similar to Faction.  Faction is another C2 I checked out but it's still in the too early stages although I wanted to like it too.

    Anyway, when we get logged in, we see users:




    I'm not interested in adding more users, so I head over to Listeners:





    Admittedly, I got a little confused with Listeners because the instructions indicate that I should (and can) change the URL:





    Except you don't change it there, you change it here in the second position, then the first will reflect that change:





    When we hit create, we see our Listener setup and waiting:





    Now we head over to Launchers and we select a Binary:





    I like the idea of a Killdate and I assume that's a nicety when dealing with red team engagements.  Just in case things don't get cleaned up, they are still dead:





    I should also point out that your victim needs to have whichever dot net framework installed.  Might want to know that in advance of dropping your implant -- otherwise it requires the download, installation, and relaunching of the implant.

    After we generate the implant, we select download:





    Just for the sake of testing without interference, I have a Windows 8 install without antivirus.  I figure I need to make sure it's working before I test it with antivirus.  

    I download the implant:





    I execute it and we get an event in the console:

     




    When we refresh Grunts, we see our connected device:





    When we click on the name, we drill down into the info:





    When we select Interact, we get to a console window. 

    Ah yes, this is where I'm reminded of Faction.  Whoami exists but in order to use other command line commands, we have to append "shell".

    Whoami:





    That's when I go hunting for help and I find the "shell" command:





    Just trying things here and there:





    #NoJoy

    And:





    Also, #NoJoy

    Something that maybe I don't understand but when we launch the Grunt, the window stays open.  If you close the window, the Grunt dies.




    Moving along...

    We have the option to "hide" the Grunt:





    I wonder if we get anything different when going the PowerShell route:





    I download it:





    I execute it:





    We see the Grunt in our console:





    Essentially the same as the Binary including the window which stays open.  

    At this point, my attention span is waning and I want to see how antivirus reacts to our Grunts:





    Nice work everyone!  I should also point out that I've removed the gateway from the machine because I'd like to keep the antivirus mothership from getting a peek at these little guys.

    One last test, we fire up the Grunt:





    The antivirus is none the wiser and the Grunt appears in our console.





    Pretty cool!  I wish it did more that was useful to me.  I should also point out that this UI is designed for a large monitor.  I was originally working in a VM and I had to move out to a larger browser because the scaling is not great at 1440 x 900.  



    © 2021 Seven Layer Networks, Inc. | All rights reserved.