Skip to content

PatchRequest/Kassandra

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

19 Commits
Payload_Type
Payload_Type
Β 
Β 
.gitignore
.gitignore
Β 
Β 
KassandraLogo.png
KassandraLogo.png
Β 
Β 
LICENSE.md
LICENSE.md
Β 
Β 
README.md
README.md
Β 
Β 
config.json
config.json
Β 
Β 

Repository files navigation

Kassandra - Rust Mythic Agent

Kassandra is a custom Mythic C2 agent written in Rust, containerized via a Python-based builder. It is currently in development and includes several advanced post-exploitation and pivoting features. This public release of the agent does not include all implemented obfuscation and defense evasion techniques. Several components such as advanced in-memory obfuscation, indirect syscalls, and full transport stealthβ€”have been stripped or simplified intentionally to limit abuse and make replication harder for script kiddies. The full version remains private for controlled red team use.

Kassandra Logo

βš™ Features

  • Syscall Evasion:

    • Hell's Hall for stealthy syscall resolution
    • EkkoSleep (timing-based sleep obfuscation)

  • Security Context Control:

    • Modify the Security Descriptor of the current process to restrict/allow interaction

  • Filesystem Ops:

    • Upload / Download files
    • Enumerate directories and file attributes

  • Process Management:

    • List running processes

  • In-Memory Execution:

    • Execute .NET assemblies in memory
    • Load and run Beacon object files (.boF) in memory

  • Proxy & Pivot:

    • Start a socket proxy tunnel via the teamserver
    • Use the agent as a pivot endpoint for other agents

  • Execution:

    • Run arbitrary PowerShell commands

  • Reconnaissance:

    • Take screenshots (GDI-based capture, PNG-encoded)

πŸ”§ Notes

  • Not yet complete:

    • Full Initial check-in procedure
    • Full encryption of transport and task responses

🐍 Builder

The agent is built and packaged using a Python container compatible with Mythic’s payload type framework. Uses cargo with x86_64-pc-windows-gnu target.

πŸ“ Structure

/agent_code/kassandra/
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ main.rs
β”‚   β”œβ”€β”€ transport/
β”‚   β”œβ”€β”€ tasks/
β”‚   └── ...
β”œβ”€β”€ build.rs
└── Cargo.toml

🚧 Disclaimer

This project is for educational and red teaming purposes only. Do not use without proper authorization.

Special thanks to MalDevAcademy for their high-quality malware development training, @5mukx for sharing advanced evasion techniques, VX-Underground for curating an essential archive of offensive research, and also to @ZkClown and Ze_Asimovitch for their continuous inspiration and contributions to the red teaming community

About

Kassandra is a custom Mythic C2 agent written in Rust, containerized via a Python-based builder

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

9 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages