General Architectural Visuals

This page gives a visual overview of the Tuoni architectural build.

Overall Overview

C2

C2 part of the Tuoni consist of the core C2 that handles entire base logic of the C2, agent data, commands, listener logic, key management, API (GUI and scripts use this to control C2), user management etc, and the plugins that implements agent-C2 communication layer logic or command implementation logic.

C2 and Agent

Agent and C2 communication works via plugin (C2 side) and plugins shellcode (agent side). The internal communication protocol between C2 core and agent can be encapsulated into any protocol by the listener and its shellcode. The most typical is the HTTP/S listener type that wraps the internal protocol into HTTP requests and responses.

C2, Agent and GUI

The control of the C2 works over REST API and WebSocket provided by the C2. The GUI connects to the C2 with this API and provides users access over HTTP via browser. Users can also connect directly to the C2 API with their own GUI or scripts.

How an Agent is Generated

The following diagrams visualize the generation of an agent executable. In this scenario, the user requests a payload to be generated based on one of the templates ("payload template #3") and one listener ("LISTENER PLUGIN #1").

Step 1

A copy of the template file is created in memory.

Step 2

A structure (TLV) containing the listener shellcode, shellcode configuration, and shellcode execution configuration is created in memory.

Step 3

The structure (TLV) is implanted into the payload resources and the result is provided to the user.