From 8e80b70186a0ff7f82f7cb5f44def962ef7e99dd Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sat, 19 Mar 2022 21:13:03 -0400
Subject: [PATCH 01/10] Create README.md
---
README.md | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3920b48
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# AtlasC2
+C# C2 Framework centered around Stage 1 operations
From 7122b13807a3c401ee8459b40dde6681118ec959 Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 00:27:10 -0400
Subject: [PATCH 02/10] Update README.md
---
README.md | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 75 insertions(+)
diff --git a/README.md b/README.md
index 3920b48..491177e 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,77 @@
# AtlasC2
C# C2 Framework centered around Stage 1 operations
+
+Atlas is based around gaining a foothold within an environment and further utilizing it to smuggle in C# (currently strictly C#) weaponry utilizing an HTTP based implant. Isn't exactly very OPSEC safe in it's current state...at all.
+
+## Usage
+### Starting/Managing Listeners
+To start a new listener, use the `StartListener` command. This command takes two params: Listener name and the port to run on
+
+
+The `Listeners` command lists all listeners, `ViewListener` returns data on the specified listener, and `RemoveListener` can be used to remove a listener from the list
+
+
+
+### Interfacing W/ Implants
+Listing connected implants can be done using the `Implants` command
+
+
+
+Connecting to an implant is as simple as `Connect `. See what I did there?...ok I'll see myself out. Just as the `Connect` command is used to select an implant. `ViewImplant` can be used to view more information on the selected implant. The `Disconnect` command will deselect the currently selected implant as shown below.
+
+
+
+
+### Executing Tasks
+To use a task, a task must first be selected using `SetTask`. Options can be viewed using `TaskOpts` and set using `SetTaskOpt`. Tasks are executing using `SendTask`
+
+
+
+### Viewing Previous Tasks
+It's posible to view the output of a previously run task using `TaskOut`. `TasksOut` can be used to view all previously run tasks pertaining to the selected implant.
+
+
+
+### Shell Execution
+Atlas allows operators to execute both PowerShell and Cmd commands using the `PSShell` and `CMDShell` tasks respectively. `PSShell` opens a new runspace and executes the command so even if `powershell.exe` is blacklisted, PowerShell commands can still be executed. This method also bypasses Constrained Language Mode. `CMDShell` opens a `cmd.exe` process and passes the command into the process. Executing a PowerShell command was shown above so that won't be shown here as well. Site note about `CMDShell`, many common commands executed including (but not limited to) whoami, ipconfig, pwd, and cd have been implemented into the implants functionality to avoid the need to execute such commands via a `cmd.exe` process.
+
+
+
+
+### Loading C# assemblies into memory
+
+Loading assembies takes a few steps unlike something like CobaltStrike that does everything using `execute-assembly`. First, an operator must use the `ByteConvert` utility (`ByteConvert` must be told whether the file is local or remote) to convert either a locally stored or remote file into a byte array and stores this in the `assemBytes` variable. Once this is done, the `Load` task is used to load the assembly into the implant process.
+
+
+
+### Viewing Loaded Assemblies
+To view assemblies loaded into the implant process, operators can use the `AssemQuery` and `AssemMethodQuery` tasks. The former returns all loaded assemblies while the latter returns All public methods pertaining to a loaded assembly
+
+
+The screenshot confirms that the `TestAssem` assembly was indeed loaded into the implant's process.
+
+`AssemMethodQuery` can then be used to return information on `TestAssem` an operator can use to return information used to execute public methods
+
+
+
+### Executing Loaded Assemblies
+Atlas offers the option to execute an assembly from its entry point or a specified exposed method. `ExecuteAssem` can be used to execute from the entry point. This task takes only the name of the assembly. `ExecuteAssemMethod` allows for the execution of other methods using information fetched from `AssemMethodQuery`.
+
+
+
+For a full list of features, swing by the wiki (add link here)
+
+## Compilation
+Open .sln and build all 3 components in Release mode
+
+## To-Do
+* Encode PowerShell Commands
+* Encrypted comms (yikes, ik)
+* AppDomain Manipulation - Allow for the creation/removal of AppDomains and allow operator the ability to select which AppDomain to load assemblies into
+* Better extensability capabilities
+* Implement some sort of profiling system
+* Automated Compilation:
+ * implant
+ * droppers/loaders/stagers
+* Shellcode generation via Donut
+* BOFs would be cool
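Review bot: Several Usage sentences refer to output that is not in the file: "as shown below" under Interfacing W/ Implants and "The screenshot confirms" under Viewing Loaded Assemblies have only blank lines around them, and `Connect ` is shown with no argument. Either add the images or drop the references, and show the argument placeholder. "(add link here)" is also left unresolved, and the added text has spelling slips worth fixing before merge: "it's current state", "Tasks are executing", "posible", "assembies", "Site note", "extensability".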
From 6ec070ae0700859634d6512b49c3c7ad4ebfe0c1 Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 00:30:44 -0400
Subject: [PATCH 03/10] ayy readme isn't empty now...wait no nvm, it kinda
cleaner now
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 491177e..0331d8c 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@ Atlas is based around gaining a foothold within an environment and further utili
## Usage
### Starting/Managing Listeners
To start a new listener, use the `StartListener` command. This command takes two params: Listener name and the port to run on
+
The `Listeners` command lists all listeners, `ViewListener` returns data on the specified listener, and `RemoveListener` can be used to remove a listener from the list
From b4f16628f5d9f2e1ef2d1a115b6f147d643b9549 Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 00:33:36 -0400
Subject: [PATCH 04/10] ok code line thingy format fixed. markdown hard
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 0331d8c..e59f6fd 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,7 @@ Loading assembies takes a few steps unlike something like CobaltStrike that does
To view assemblies loaded into the implant process, operators can use the `AssemQuery` and `AssemMethodQuery` tasks. The former returns all loaded assemblies while the latter returns All public methods pertaining to a loaded assembly
+
The screenshot confirms that the `TestAssem` assembly was indeed loaded into the implant's process.
`AssemMethodQuery` can then be used to return information on `TestAssem` an operator can use to return information used to execute public methods
From 8a3fde25077e4f1e59bd04643c7247e38d56c26c Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 00:35:41 -0400
Subject: [PATCH 05/10] Update README.md
---
README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index e59f6fd..0c4fdf3 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,8 @@ Atlas offers the option to execute an assembly from its entry point or a specifi
For a full list of features, swing by the wiki (add link here)
+## Note To Self: u forgot YARA rule. dewit
+
## Compilation
Open .sln and build all 3 components in Release mode
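Review bot: The added `## Note To Self: u forgot YARA rule. dewit` line is a personal reminder published as a top-level README section, sitting between the feature list and Compilation. Track it as a To-Do bullet (for example "Add YARA rule") or in the issue tracker, so the README's headings stay limited to documentation.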
From 1d0ab5acf2dded503daf131f1b3d75283b5de912 Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 00:38:33 -0400
Subject: [PATCH 06/10] disclaimer thingy
---
README.md | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 0c4fdf3..478dcc1 100644
--- a/README.md
+++ b/README.md
@@ -63,8 +63,6 @@ Atlas offers the option to execute an assembly from its entry point or a specifi
For a full list of features, swing by the wiki (add link here)
-## Note To Self: u forgot YARA rule. dewit
-
## Compilation
Open .sln and build all 3 components in Release mode
@@ -79,3 +77,9 @@ Open .sln and build all 3 components in Release mode
* droppers/loaders/stagers
* Shellcode generation via Donut
* BOFs would be cool
+
+
+### Note To Self: u forgot YARA rule. dewit
+
+## Disclaimer
+Atlas was designed soley for educational/ethical purposes. I do not condone nor am I responsible for actions taken by users of Atlas
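Review bot: "soley" in the Disclaimer line should be "solely", and the sentence lacks a closing period. The relocated `### Note To Self` is still a heading rather than a To-Do bullet, so it now renders as a subsection of To-Do after two blank lines; fold it into the list above instead.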
From 0e2d5afa854695200082e9ce25161fbf0de50afd Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 10:00:01 -0400
Subject: [PATCH 07/10] ya know, would be nice if I can remember everything I
want to add at once
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 478dcc1..4215b8f 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ For a full list of features, swing by the wiki (add link here)
Open .sln and build all 3 components in Release mode
## To-Do
+* Authentication
* Encode PowerShell Commands
* Encrypted comms (yikes, ik)
* AppDomain Manipulation - Allow for the creation/removal of AppDomains and allow operator the ability to select which AppDomain to load assemblies into
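Review bot: The new `* Authentication` bullet does not say which interface it covers, for instance operator client to teamserver or implant to listener. Name the component, and since this item and "Encrypted comms" both describe protections that are currently absent, consider stating them in a known-limitations section near the top rather than only in To-Do, so anyone running the teamserver in a lab sees them first.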
From b0d146d6c53b7de9acaee599c942cdb031f6609a Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 10:18:59 -0400
Subject: [PATCH 08/10] Update README.md
---
README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 4215b8f..1261e37 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,8 @@ Open .sln and build all 3 components in Release mode
## To-Do
* Authentication
* Encode PowerShell Commands
+* Add admin utils:
+ * `cp`
* Encrypted comms (yikes, ik)
* AppDomain Manipulation - Allow for the creation/removal of AppDomains and allow operator the ability to select which AppDomain to load assemblies into
* Better extensability capabilities
From 21a98d56cb8a6d69d9f26b26a5884eec96146abf Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 10:37:05 -0400
Subject: [PATCH 09/10] Update README.md
---
README.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/README.md b/README.md
index 1261e37..249b5f6 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,11 @@ C# C2 Framework centered around Stage 1 operations
Atlas is based around gaining a foothold within an environment and further utilizing it to smuggle in C# (currently strictly C#) weaponry utilizing an HTTP based implant. Isn't exactly very OPSEC safe in it's current state...at all.
## Usage
+
+### Starting TeamServer
+
+After generating an exe of the client, teamserver, and implant, simply execute `Teamserver.exe` to start up the teamserver
+
### Starting/Managing Listeners
To start a new listener, use the `StartListener` command. This command takes two params: Listener name and the port to run on
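Review bot: The Starting TeamServer text never says which address and port `Teamserver.exe` listens on, which anyone running it needs in order to restrict access to it; state that here. The name is also written three ways within the added lines (`TeamServer`, `teamserver`, `Teamserver.exe`); pick one spelling for prose and keep the executable name in backticks.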
From feb79a0fca17c2bb4f9bfdae732012c4f0eb84fc Mon Sep 17 00:00:00 2001
From: Grimmie <57014148+Gr1mmie@users.noreply.github.com>
Date: Sun, 20 Mar 2022 11:02:32 -0400
Subject: [PATCH 10/10] Update README.md
---
README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 249b5f6..c152fea 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,8 @@ Open .sln and build all 3 components in Release mode
* Encode PowerShell Commands
* Add admin utils:
* `cp`
+* Allow for the changing of the sleep timing on implant and implement jitter
+* Allow for operator to change port TeamServer starts on via CLI
* Encrypted comms (yikes, ik)
* AppDomain Manipulation - Allow for the creation/removal of AppDomains and allow operator the ability to select which AppDomain to load assemblies into
* Better extensability capabilities