Overview

Turul is a C2 that draws on numerous commercial and open source projects, and on our experience developing custom tooling to meet client needs on CBEST, cross-border Red Team and other engagements.

Turul started from BC-Security's Empire, but we have since rewritten more than 90% of the backend code base and much of the frontend. Malware generation is done off-server in our own lab, where the implants, loaders and post-exploitation modules are compiled via an API; that tooling is based on our own primary research.

This C2 was initially developed to demonstrate capability for logical and mathematical attacks against EDRs.

That phrase covers a range of techniques. What we have implemented so far, on a limited budget and without any low-level abuse, evades EDRs, defeats anti-ransomware protection engines, and more.

For now the C2 is loosely modelled on Cobalt Strike and offers similar capability. Rather than building post-exploitation capability into the beacon, however, we have decoupled it. This will later allow a network of post-exploitation nodes that work in concert to attack lapses and logical errors in the anomaly detection, XDR and aggregated SIEM tooling inside corporate networks.

The C2 and the GAN are both in the alpha phase and are being enhanced continuously.

Going beyond Cobalt Strike and other C2s, beaconing is fully stageless and protected with public key cryptography; the only staging-like step is the handover between the RSA-protected key exchange and the AES-encrypted session.
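The hybrid exchange this paragraph describes, as an added example written for this page in Go. It is not Turul's code and assumes nothing about Turul's wire format, so the Envelope layout, the function names and the RSA-OAEP and AES-GCM choices are all illustrative. The implant carries the server's RSA public key, seals a fresh AES-256 session key to it with RSA-OAEP, and sends its first check-in already encrypted under that key; from then on both sides use only AES-GCM, whose authentication tag rejects a tampered or wrongly keyed message rather than decrypting it to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the one message that carries asymmetric material: a fresh session
// key sealed to the server's RSA public key, plus the first check-in under it.
// Field and function names in this file are illustrative, not Turul's.
type Envelope struct {
	SealedKey []byte // RSA-OAEP(serverPub, sessionKey)
	Nonce     []byte // AES-GCM nonce for Body
	Body      []byte // AES-256-GCM(sessionKey, check-in)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aesSeal encrypts with AES-256-GCM under a fresh random nonce.
func aesSeal(key, plaintext []byte) (nonce, ct []byte, err error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}

// aesOpen decrypts and authenticates; any modified byte fails the GCM tag.
func aesOpen(key, nonce, ct []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil)
}

// ImplantCheckIn is the implant side. The server public key is compiled into
// the stageless implant, so no secret has to be fetched before check-in.
func ImplantCheckIn(pub *rsa.PublicKey, checkIn []byte) (key []byte, env Envelope, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, env, err
	}
	if env.SealedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
		return nil, env, err
	}
	env.Nonce, env.Body, err = aesSeal(key, checkIn)
	return key, env, err
}

// ServerAccept is the server side: unseal the session key with the private
// key, then open the check-in. Every later message uses AES-GCM only.
func ServerAccept(priv *rsa.PrivateKey, env Envelope) (key, checkIn []byte, err error) {
	if key, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.SealedKey, nil); err != nil {
		return nil, nil, err
	}
	checkIn, err = aesOpen(key, env.Nonce, env.Body)
	return key, checkIn, err
}

// RunExchange drives one check-in and one tasking round and returns what each
// side recovered, so the whole flow can be checked end to end.
func RunExchange(priv *rsa.PrivateKey, checkIn, task string) (gotCheckIn, gotTask string, err error) {
	implantKey, env, err := ImplantCheckIn(&priv.PublicKey, []byte(checkIn))
	if err != nil {
		return "", "", err
	}
	serverKey, ci, err := ServerAccept(priv, env)
	if err != nil {
		return "", "", err
	}
	nonce, ct, err := aesSeal(serverKey, []byte(task)) // server -> implant tasking
	if err != nil {
		return "", "", err
	}
	t, err := aesOpen(implantKey, nonce, ct)
	if err != nil {
		return "", "", err
	}
	return string(ci), string(t), nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed server key for the demo
	if err != nil {
		panic(err)
	}
	fmt.Println(RunExchange(priv, "host=ws01;user=alice", "sleep 30"))
}
```

One RSA operation per session is the only staging-like step; because the public key is embedded rather than fetched, the session key never crosses the wire in a form a passive observer can use. A production implant would also pin the server key's identity and put a replay counter or timestamp inside the check-in; both are left out of this example.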

We are also developing further capability to reduce the on-host footprint by moving programmatically down to the lowest levels, along with work on privilege escalation and on moving our post-exploitation module into Protected Processes, which will be outlined later.
