At current attacks, malicious actors are increasingly using Silver as a command-and control framework. This option is becoming increasingly popular among threat actors as it provides a viable alternative for commercial tools like:
The Sliver security tool is flexible and adaptable, so it can be used in any organization.
Cybereason published an extensive analysis of the system a few days back. It provides a look at its operation and revealed these results.
Sliver has more attraction
The BishopFox experts have created a new tool called Silver. The ultimate tool for red-team security personnel is this cutting-edge framework of post-exploitation, which was built with the flexible Golang programming language.
Silver is becoming more popular for many reasons. We have listed them all below.
- Alternative to Metasploit and Cobalt Strike: Open-source alternatives
- Modularity of Armory’s platform
- Cross-platform: OS X and Linux.
Silver is gaining popularity at an ever increasing pace since its 2020 release. The software offers many capabilities to simulate adversaries, but the best and most notable are:
- Dynamic code generation
- Compile-time Obfuscation
- Payloads for Staged or Stageless
- Secure C2 is available over WireGuard and mTLS.
- Windows process migration, process injection, user token manipulation, etc.
- Integration with Let’s Encrypt
- Execution of.NET in-memory assembly
- In-memory COFF/BOF loader
- Named pipe pivots and TCP
- Armory is alias manager of extension packages
Framework Architecture of Sliver
Any hacker can use the silver in their arsenal to gain privileges, steal credentials and penetrate deeper into the network. It is possible to seize the domain controller, extract sensitive data and then execute this ultimate goal.
Over the last few years, Sliver has been weaponized by a number of hackers including:
- group (aka Cozy Bear)
- Shathak (aka: TA551)
- Exotic Lily (aka Projector Libra).
Previous reports indicated that is linked to the spread of malware families such as:
Exotic Lily was also connected to BumbleBee Loader malware distribution.
The Sliver C2 ecosystem is made up of four components. They work in unison to create a seamless experience.
- Server Console
- Server Sliver C2
- Client Console
Sliver is one of many open-source frameworks that has been used to gain malicious advantages.
Qualys reported last month that Empire was used by a variety of cybercriminal groups to further their intrusions and maintain control over targeted systems.
Empire is a post-exploitation framework that offers impressive capabilities.
Network Security Checklist