
General architectural visuals

This document gives a visual overview of the Tuoni architecture.

Overall overview

C2

The C2 part of Tuoni consists of the core C2, which handles the base logic of the C2 (agent data, commands, listener logic, key management, the API that the GUI and scripts use to control the C2, user management, etc.), and the plugins, which implement the agent-C2 communication layer or the command logic.


C2 and agent

Agent and C2 communication works via a plugin (C2 side) and the plugin's shellcode (agent side). The internal communication protocol between the C2 core and the agent can be encapsulated into any carrier protocol by the listener and its shellcode. The most typical is the HTTP/-S listener type, which wraps the internal protocol into HTTP requests and responses.


C2, agent and GUI

The C2 is controlled over the REST API and websocket it provides. The GUI connects to the C2 through this API and gives users access over HTTP via a browser. Users can also connect directly to the C2 API with their own GUI or scripts.


How agent is generated

The following diagrams visualize generation of the agent executable. In this scenario the user requests a payload to be generated from one of the templates ("payload template #3") and one listener ("LISTENER PLUGIN #1").

Step 1

A copy of the template file is created in memory.

Step 2

A structure (TLV) containing the listener shellcode, the shellcode configuration and the shellcode execution configuration is created in memory.

Step 3

The structure (TLV) is implanted into the payload's resources and the result is provided to the user.
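The TLV (tag-length-value) structure described in steps 2 and 3 is what an analyst will find embedded in a generated payload, so being able to walk it is the practical skill here. The following is an added example, not Tuoni's own code: the page does not specify the wire layout, so the 1-byte tag, 4-byte big-endian length, the three tag values and the placeholder contents below are all assumptions made for illustration. It builds a constructed sample structure with the three fields the page names and then parses it back, refusing blobs whose declared lengths run past the end of the data.

```python
import struct

# Assumed tag values for the three fields the documentation names.
# These are illustrative; Tuoni's actual tags are not documented on this page.
TAG_LISTENER_SHELLCODE = 0x01
TAG_SHELLCODE_CONFIG = 0x02
TAG_EXEC_CONFIG = 0x03

TAG_NAMES = {
    TAG_LISTENER_SHELLCODE: "listener_shellcode",
    TAG_SHELLCODE_CONFIG: "shellcode_config",
    TAG_EXEC_CONFIG: "exec_config",
}

# Assumed wire layout per entry: 1-byte tag, 4-byte big-endian length, value bytes.
HEADER = struct.Struct(">BI")


def encode_tlv(entries):
    """Serialize (tag, value) pairs into one contiguous TLV blob."""
    out = bytearray()
    for tag, value in entries:
        out += HEADER.pack(tag, len(value))
        out += value
    return bytes(out)


def decode_tlv(blob):
    """Walk a TLV blob and return (tag, value) pairs.

    Raises ValueError on a truncated header or a length field that points
    past the end of the blob, so a damaged or partially extracted resource
    is reported instead of silently misparsed.
    """
    entries = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError(f"truncated TLV header at offset {offset}")
        tag, length = HEADER.unpack_from(blob, offset)
        offset += HEADER.size
        remaining = len(blob) - offset
        if length > remaining:
            raise ValueError(
                f"tag 0x{tag:02x} declares {length} bytes but only {remaining} remain"
            )
        entries.append((tag, blob[offset:offset + length]))
        offset += length
    return entries


def describe(entries):
    """Summarize parsed entries as (field name, value length) for reporting."""
    return [
        (TAG_NAMES.get(tag, f"unknown(0x{tag:02x})"), len(value))
        for tag, value in entries
    ]


def build_sample_structure():
    """Constructed sample mirroring the three fields from step 2.

    All values are placeholders: zero bytes stand in for the listener
    shellcode and the two configuration strings are made up for this example.
    """
    return encode_tlv([
        (TAG_LISTENER_SHELLCODE, bytes(16)),
        (TAG_SHELLCODE_CONFIG, b"callback=listener-1;interval=60"),
        (TAG_EXEC_CONFIG, b"mode=inline"),
    ])


if __name__ == "__main__":
    blob = build_sample_structure()
    for name, size in describe(decode_tlv(blob)):
        print(f"{name}: {size} bytes")
```

Once the embedded resource has been carved out of a sample, feeding it to `decode_tlv` and `describe` gives a quick inventory of which fields are present and how large each is; the length check matters because a resource that was cut short during extraction would otherwise yield an entry that silently spans into unrelated data.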