Tuoni: General Terminology and Descriptions
To enhance clarity and minimize confusion, this document outlines the common terms used in the Tuoni framework along with their descriptions. Understanding these terms is essential for comprehending the functionality and operations within Tuoni.
Terminology
Agent
An executable or shellcode component of Tuoni that operates within the targeted machine. It establishes a connection back to the Command and Control center (C2). The C2 maintains a list of these connected agents and can control them and generate new ones.
C2 (Command and Control)
The central hub of Tuoni used for managing agents. It is responsible for agent generation, control, and the orchestration of all related processes. The C2 comprises two main parts: the core (C2 core) and various plugins that implement the logic for listeners and commands.
C2 Core
This is the foundational component of the C2. It handles the logic and management of agents, commands, listeners, plugins, key management, REST API, user management, and other core functionalities.
Metadata
A data structure transmitted by the agent to C2, containing essential information about the agent and its operating environment (such as GUID, username, machine name, OS, OS version, working directory, local network interfaces, etc.). It includes an AES key for encrypting command data and results. The metadata itself is encrypted using the C2's public key.
Command
A specific task dispatched from C2 to an agent for execution.
Result
The outcome or output generated in response to a command.
Command Plugin
A plugin for C2 that implements the C2 side of a command. It includes setting up parameters, data preparation, result parsing, etc., and also encompasses the command plugin shellcode.
Command Plugin Shellcode
The component that realizes the command's logic on the agent side. This is the agent-side part of the command plugin.
Listener Plugin
A plugin for C2 that implements the listener's logic on the C2 side, along with the listener plugin shellcode.
Listener Plugin Shellcode
This shellcode implements the logic for establishing listener connections on the agent side; it is essentially the agent-side part of the listener plugin.
Payload Generator Plugin
A plugin for C2 that implements payload generation. There can potentially be an infinite number of different plugins for creating different payloads.
Request
An HTTP request made to the C2 REST API.
Response
The HTTP response received from the C2 REST API.
This terminology forms the backbone of the Tuoni framework, providing a clear understanding of its components and their interactions. Familiarity with these terms is crucial for anyone working with or analyzing Tuoni's functionalities.