Click on the timecodes to jump to that part of the video (on YouTube)
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_SILENTTRINITYIndepthDemo.pdf
1:07 Quick review of SILENTTRINITY functions, an overview of Bring your own Interpreter (BYOI) capabilities, BYOI payload
7:08 BYOI/SILENTTRINITY in a nutshell, advantages vs. disadvantages
16:53 Overview of the almost 50 new modules that have been incorporated, live demo
38:12 Q&A on live demo
55:48 Helpful links and Closing Thoughts
If you’re not familiar with SILENTTRNIITY: it’s an open-source modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework. It’s the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET API’s, a technique Marcello coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over C# tradecraft) only without using PowerShell in any way.
SILENTTRINITY has numerous features that make it stand out from other C2 frameworks; if he had to give you just 4:
- Collaborative – you can share shells between multiple users and control multiple team servers from a single client.
- Fully Modular – Modules, Listeners, Stagers, etc. are completely modular and designed to be easily extended.
- Modern CLI Interface – Tab completion plus a lot of bells and whistles that make it look like an actual CLI from the 21st century.
- Dynamic Evaluation/Compilation Using .NET Scripting Languages – The SILENTTRINITY implant is somewhat unique as it uses embedded third-party .NET scripting languages (e.g. Boolang) to dynamically compile/evaluate tasks.