Intro

Beacon Object Files have become very popular for red teams to add additional capabilities on the fly without needing to include the overhead of a reflective DLL or .NET assembly. This advantage comes at the cost of Beacon Object Files being a little bit awkward to develop. One development quirk is the need to prefix imported symbols with the associated library name where the symbol can be found. This concept, known as Dynamic Function Resolution (or DFR), is how the BOF tells the BOF loader where to find external symbols.

This is part two of a series of blog posts on Thanatos, a Mythic C2 agent written in Rust. This post will go over setting up Mythic and Thanatos in an Ubuntu VM and the agent’s usage.

Part one of the series discusses how this project came about and the development of it.

Project repository: https://github.com/MythicAgents/thanatos

Overview

• Thanatos Features and Functionality
  • Installing Mythic with Thanatos: Setting up Mythic and Thanatos on an Ubuntu VM
  • Building the Agent: How to build the payload
  • Using the Agent: Basic functionality
  • Unique Capabilities: Features which standout compared to other C2 agents
• Future Improvements

Thanatos Features and Functionality

If you’re new to Mythic, I highly recommend checking out the Mythic Documentation. Mythic is very unique compared to other C2 frameworks due to its modular design. Other frameworks such as Cobalt Strike or Empire include a full suite of modules including: C2 profiles/transports, stagers, payloads a UI, etc. Mythic decides to take these common features of a C2 framework and split them up into three distinct server, C2 profiles and payload types modules. Due to this design, payloads can vary from compiled .NET Windows executables to chrome web browser extensions. C2 profiles give the operator and developers flexibility on how their payloads communicate with Mythic. This allows a very high level of flexibility to tune the operation based on what the target is. The currently public C2 profiles are HTTP, DNS and websocket but profiles can be developed which utilize AWS S3 buckets, Microsoft Teams, Dropbox or various other mediums for communication.

This is part one of a series of blog posts on Thanatos, a cross-platform Mythic C2 agent written in Rust. This post will go over how the idea for this project came about and why Rust is a great language for offensive tooling development.

Part two of the series goes over setting it up in an Ubuntu VM and its functionality.

Project repository: https://github.com/MythicAgents/thanatos

Overview

• Development

  • Background: Some background on what motivated this project and what this project is
  • Why Mythic?: Advantages of using Mythic for a C2
  • Mythic Payload Development: Development of a Mythic C2 agent
  • Challenges: Challenges faced during development

• Rust Programming Language