
Advanced Attack Toolkit, Fully Undetectable Rat / Botnet, and More - jhondoe
https://github.com/quantumcored/paradoxia
======
dx87
Looks like it's just a standard executable that listens on a hardcoded IP and
port. This is the kind of stuff we'd whip up in an afternoon during a pentest
when we needed a throwaway tool to use.

------
badrabbit
In the event you want to pwn a person who uses a Linux desktop? If so, glad to
see this; there are cross-platform RATs that work on Linux, but a Linux-specific
one is rare to me.

Oh, and I wouldn't say undetectable. AV may not detect it now, but Linux
detection can be pretty wild; even with good EDR vendors a lot of tuning is
needed due to how customizable it is (admins/devs always do one-off unusual
things, Windows has a more predictable structure).

Didn't read the code, but I loathe the Python usage; if for Windows, you can use
PyInstaller to build an exe. Anywhere else, your RAT will break because of
Python versioning/deps.

~~~
metroholografix
The client runs on Windows and is written in C++ (bot directory). It's still
terrible, amateur-level code that nobody should be running but the most
critical aspect here is the architecture: Fixed, with most things hardcoded
and hard to adapt/change. Also, no runtime flexibility whatsoever. This isn't
what an advanced attack toolkit looks like, even a minimal one written in
C/C++.

Here is my own contribution to this space:

[https://downloads.immunityinc.com/infiltrate-archives/python...](https://downloads.immunityinc.com/infiltrate-archives/python_deflowered.pdf)

------
DarkStar851
Certainly not FUD or "advanced". No encryption/obfuscation used to communicate
with C2 at all, common patterns in the C++ binary that drops on clients, no
polymorphism, drops itself on the disk. Might be a fun toy project for the
author, but this wouldn't be useful in any actual security testing deployments.

------
throwaway12757
Just wanted to say, the github page has a note saying: NOTE : Do not upload
the BOT to online scanners!

With you posting it here, I can guarantee that at least a few people are going
to upload it to online scanners.

------
SahAssar
If it was fully undetectable, it would mean that it would have no effect and
does not exist on disk or in memory of any sort. Any malware/RAT is detectable
in some way since it has some effect that shouldn't be there. That can be
network activity, just the process running, just the code existing on a drive
or in memory, or anything else.

~~~
qubex
I like how he writes “do not upload to online scanners”.

------
lawnchair_larry
There is nothing noteworthy or undetectable about this. Disappointed that it’s
getting hype on HN.

