Turul - Project Introduction
Turul Implants

Last updated 1 year ago

Turul Implants are written in C#, building on the findings of our ongoing MalwareGAN research, which was initially presented in the link at the end of this page. Our thinking has evolved enormously since then.

No low-level abuse mechanisms are involved: the implants use no direct syscalls and no in-memory shellcode encryption. Instead they work, in what is currently a somewhat naive implementation, by leveraging the mathematical blind spots of these detection systems.

| Implant Type | E5 Defender | Sophos EDR | CrowdStrike |
|--------------|-------------|------------|-------------|
| DLL          | ✔           | ✔          | Untested    |
| EXE          | ✔           | ✔          | Untested    |
| XLL          | ✔           | ✔          | ✔           |

✔ = bypassed in our testing; Untested = not yet run against that product.

We are confident that the Turul Implants can bypass further EDRs out of the box, but we have not yet tested them against other products, owing to not having access to them so far.

An earlier video shows this against CrowdStrike and E5 ATP in parallel. More videos will follow within the next two weeks, showing implant and loader generation and deployment into a virtual machine. Several virtual machines will be showcased with whatever EDRs we can obtain and buy, to present the capability, including products that have built-in NDR modules, as E5 ATP does.

Malware GAN & ATP: Detailed Introduction - Atlan Digital - Offensive Security Lab