Project: SilverBullet

SilverBullet is a tool I made for internal red teaming purposes. It is a simple C2 reverse-shell client that is able to bypass most publicly available enterprise XDRs. At first this project was just a simple proof-of-concept, but it has evolved into a powerful tool that I've used in multiple red teaming engagements.

The source code of this project is not available publicly and it will never be.
[Image: Blurred code of v3]
[Image: Console output of v3]
[Image: Doing the "impossible"]

Initial development

This whole project started after I was challenged, as a joke, to bypass a specific XDR. I started to research the XDR and found some loopholes in it. A few days later I had a working prototype that was able to bypass the XDR. After the initial success, I started to research other XDRs and found out that most of them were vulnerable to the same technique.

After the initial findings, I contacted some XDR vendors and disclosed the exploit method to them. Most of the vendors were really helpful and made the necessary changes to fix the issues.

Development continues

Next steps

Now, after over a year of development, SilverBullet has evolved into a powerful tool that I've used in multiple red teaming engagements. The current version has a web dashboard for managing the clients and sending commands. The dashboard also has a list of predefined commands for some common tasks. The latest version also supports multiple different C2 protocols to avoid detection.

[Image: Web interface of v5]