It uses a range of methods to evade EDR and AV while allowing the operator to continue using tooling and tradecraft they are familiar with. Its powered by Python 3.8 and C, and uses Donut for payload generation. By using Donut along with the process injection capabilities of SHAD0W, it provides the operator the ability to execute .NET assemblies, DLLs, EXEs, JS, VBS or XSLs fully inside the memory. Dynamically resolved syscalls are heavily used to avoid userland API hooking, anti-DLL injection to make it harder for EDR to load code into the beacons, and official Microsoft mitigation methods to protect spawn processes. Runs fully inside of Docker allowing cross-platform usage. SHAD0W is a modular C2 framework designed to successfully operate on mature environments. All traffic between beacons and the C2 are encrypted and transmitted over HTTPS.

Features

  • Built for Docker
  • Extremely modular
  • HTTPS C2 communication
  • JSON based protocol
  • Live proxy and mirror
  • Modern CLI

Project Samples

SHAD0W Screenshot 1

Project Activity

See All Activity >

Categories

Frameworks, Post-Exploitation Frameworks

License

MIT License

Follow SHAD0W

SHAD0W Web Site

You Might Also Like
Gen AI apps are built with MongoDB Atlas Icon
Gen AI apps are built with MongoDB Atlas

The database for AI-powered applications.

MongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
Start Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of SHAD0W!

Additional Project Details

Programming Language

C

Related Categories

C Frameworks, C Post-Exploitation Frameworks

Registered

2022-09-15
Report inappropriate content