
Project: SilverBullet

SilverBullet is a tool I made for internal red teaming purposes. It is a simple C2 reverse-shell client that is able to bypass most publicly available enterprise EDRs. At first this project was just a simple proof-of-concept, but it has evolved into a powerful tool that I've used in multiple red teaming engagements.

This tool is not publicly available and never will be. I have worked with some EDR vendors to fix the issues that this tool exploits.
Doing the "impossible"

Initial development

This whole project started after I was challenged as a joke to bypass a specific EDR. I started to research the EDR and found some loopholes in it. A few days later I had a working prototype that was able to bypass the EDR. After the initial success, I started to research other EDRs and found out that most of them were vulnerable to the same technique.

After the initial findings, I contacted some EDR vendors and disclosed the vulnerabilities to them. Most of the vendors were really helpful and made the necessary changes to fix the issues.

Development continues

Next steps

Now, over a year of development later, SilverBullet has evolved into a powerful tool that I've used in multiple red teaming engagements. The current version has a web dashboard for managing the clients and sending commands. The dashboard also has a list of predefined commands for some common tasks. The latest version also supports multiple different C2 protocols to avoid detection.
