Developing a Grey Hat C2 and RAT for APT Security Training and Assessment

No ratings

Presented at grehack 2013 by

Markku-juhani Saarinen

We report on the development of a Remote Access Tool (RAT) and related Command and Control (C2) system for the purposes of simulating Advanced Persistent Threat (APT) attacks during security audits. The system, a set of tools collectively called HAGRAT, is a clean-slate in-house development and remarkable for its compact size. As such, it is backdoor-free and not readily identifiable by Anti-Malware and Intrusion Detection tools (as it has not been indiscriminately distributed). We discuss the design requirements, implementation and the actual the effort required todevelop such software.