Skip to content

Introduction to Commands

Commands in Tuoni are simple tasks sent to an agent on a target machine. Examples include listing files or running a program.

Tuoni offers two types of commands via the Command and Control (C2) interface:

Native Commands

Native commands are built directly into the agent. They run inside the agent’s own process and handle basic tasks like configuration and system operations. Their direct integration keeps the agent fast and reliable.

Plugin-Based Commands

Most commands in Tuoni are provided as plugins. These commands consist of two parts:

  • An ExecUnit run by the agent — the executable code that carries out the operation. Depending on the agent build and command, this can be native shellcode, a native DLL, a .NET DLL, or a .NET executable.
  • A Java plugin on the C2 side for configuration, ExecUnit generation, and result parsing.

Plugin commands are flexible. They can run:

  • In the agent's own process,
  • In an existing process,
  • Or in a newly created process.

The C2 automatically selects the best ExecUnit format based on what the command supports and what the agent is capable of executing. See the architecture overview for the full technical detail.

This flexibility makes Tuoni adaptable to many operational needs.