
ExecUnit and shellcode execution

The Tuoni framework is built around a distinctive architecture: most command functionality and listener connection logic is not hard-coded into the core agent. Instead, it is implemented as executable code (ExecUnits) delivered by plugins. Older implementations delivered that code only as native shellcode; current commercial agents can also execute ExecUnits packaged as .NET executables, .NET DLLs, and native libraries. The only exception is the set of native commands, which are implemented directly in the agent. Plugin code talks to the agent core primarily over named pipes, although the protocol allows other transports. This architecture offers several significant advantages:

  1. Flexible Command Execution Contexts: Commands and listener connections do not have to execute inside the agent's process. Plugin code can run within the agent's own process, in a new process (possibly under a different user), or even in an existing process, provided the selected ExecUnit format and the agent support that context.

  2. Dynamic Addition of New Commands: The C2 can add new commands at runtime without building and redeploying a new agent, which lets the system adapt to evolving requirements and scenarios.

  3. User-Generated Commands and Listeners: The system allows users to develop and integrate their own commands and listener plugins directly with the C2. This feature significantly extends the capabilities and versatility of the C2, enabling customization and expansion according to specific user needs or operational demands.

Overall, this approach in the Tuoni framework not only enhances the flexibility and scalability of the system but also fosters a dynamic environment where new functionalities can be seamlessly integrated.
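To make the host/plugin split concrete, the following is an added illustration and not Tuoni's code or its actual pipe protocol. It assumes a hypothetical framing (a 1-byte message type plus a 4-byte little-endian length) and a hypothetical `echo_plugin` that stands in for an ExecUnit implementing one command. The same plugin is run in-process and, separately, through a named pipe (a POSIX FIFO, with a thread standing in for the out-of-process host), and the core parses the same framed output either way; the framing, message types and function names are all assumptions made for this example.

```python
"""Illustrative host/plugin split over a named pipe.

Constructed example: the framing, message types and plugin interface are
assumptions for demonstration, not the Tuoni agent's real protocol.
"""
import os
import struct
import tempfile
import threading
from typing import Callable, List, Optional, Tuple

MSG_OUTPUT = 1   # assumed type: a chunk of command output
MSG_DONE = 2     # assumed type: 4-byte signed exit status, plugin is finished

Plugin = Callable[[bytes], bytes]
Frame = Tuple[int, bytes]


def encode_frame(msg_type: int, payload: bytes) -> bytes:
    """1-byte type, 4-byte little-endian length, then payload."""
    return struct.pack("<BI", msg_type, len(payload)) + payload


def decode_frames(data: bytes) -> List[Frame]:
    """Parse a byte stream of frames; refuse truncated input instead of guessing."""
    frames: List[Frame] = []
    off = 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated frame header")
        msg_type, length = struct.unpack_from("<BI", data, off)
        off += 5
        if len(data) - off < length:
            raise ValueError("truncated frame payload")
        frames.append((msg_type, data[off:off + length]))
        off += length
    return frames


def echo_plugin(args: bytes) -> bytes:
    """Stand-in for an ExecUnit implementing one command (hypothetical)."""
    return (encode_frame(MSG_OUTPUT, b"echo: " + args)
            + encode_frame(MSG_DONE, struct.pack("<i", 0)))


def run_in_process(plugin: Plugin, args: bytes) -> List[Frame]:
    """Context 1: the plugin runs inside the core's own process."""
    return decode_frames(plugin(args))


def run_over_named_pipe(plugin: Plugin, args: bytes) -> List[Frame]:
    """Context 2: the plugin runs elsewhere and reports back over a named pipe.

    A thread stands in for the separate (possibly different-user) process a
    real host would spawn; only the pipe path crosses the boundary.
    """
    workdir = tempfile.mkdtemp()
    pipe_path = os.path.join(workdir, "execunit")
    os.mkfifo(pipe_path, 0o600)  # owner-only, so other local users cannot attach

    def plugin_side() -> None:
        with open(pipe_path, "wb") as writer:   # blocks until the core opens its end
            writer.write(plugin(args))

    worker = threading.Thread(target=plugin_side)
    worker.start()
    try:
        with open(pipe_path, "rb") as reader:   # blocks until the plugin opens its end
            data = reader.read()                # EOF when the plugin closes the pipe
    finally:
        worker.join()
        os.unlink(pipe_path)
        os.rmdir(workdir)
    return decode_frames(data)


def collect_output(frames: List[Frame]) -> Tuple[bytes, Optional[int]]:
    """Join output chunks and pick up the exit status from the final DONE frame."""
    output = b"".join(p for t, p in frames if t == MSG_OUTPUT)
    statuses = [struct.unpack("<i", p)[0] for t, p in frames if t == MSG_DONE]
    return output, (statuses[-1] if statuses else None)


if __name__ == "__main__":
    print(collect_output(run_in_process(echo_plugin, b"hello")))
    print(collect_output(run_over_named_pipe(echo_plugin, b"hello")))
```

The point of the split is that `collect_output` never cares where the plugin ran: the core only parses frames. The practical caveats this shows are the ones a real design has to handle too: the pipe endpoint must be access-controlled (here a mode 0600 FIFO in a private directory), and the core must reject truncated or malformed frames rather than trusting whatever the plugin side wrote.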