Shellcode execution
The Tuoni framework has a distinctive architecture: most command functionality and all listener connection handling is not hard-coded into the core agent. Instead, it is implemented as shellcode supplied by plugins. The only exception is the small set of native commands. Currently, the shellcode talks to the agent core primarily over named pipes, although other channels could be added in the future. Because the channel is a named pipe, its creation and connection are visible to host telemetry that records pipe activity, so the pipe names an agent uses matter from an operational-security standpoint. This architecture offers several significant advantages:
- Flexible command execution contexts: commands, and potentially listener connections (technically feasible, though the C2 does not yet generate them this way), do not have to execute inside the agent's process. A command can run in the agent process itself, in a new process (possibly under a different user), or in an existing process. This choice of execution context is available for every non-native command and works out of the box, with no additional development.
- Dynamic addition of new commands: the C2 can add new commands at runtime without building a new agent, which lets the system adapt to evolving requirements and scenarios.
- User-generated commands and listeners: users can develop their own command and listener plugins and integrate them directly with the C2. This significantly extends the C2's capabilities and allows it to be customised and expanded to specific user needs or operational demands.
Overall, this approach in the Tuoni framework not only enhances the flexibility and scalability of the system but also fosters a dynamic environment where new functionalities can be seamlessly integrated.
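The dispatch pattern described above, as an added illustrative model that is not Tuoni's own code: the core knows nothing about what a command does; it hands the command a named pipe, runs it in the chosen execution context, and reads the result back over the pipe. The command bodies here are constructed Python sources standing in for plugin shellcode, the pipe is a POSIX FIFO standing in for a Windows named pipe, and only the in-process and new-process contexts are modelled (injection into an existing process is not). `PLUGIN_COMMANDS`, `register_command` and `run_command` are assumed names for this example.

```python
"""Pipe-based command dispatch: the core carries no command logic of its own."""
import json
import os
import subprocess
import sys
import tempfile
import threading
import uuid

# Constructed stand-ins for plugin-supplied command code (shellcode in Tuoni,
# Python source here). Each defines main(pipe), does its work, and writes a
# JSON result to the named pipe it is handed. The core never sees this logic.
PLUGIN_COMMANDS = {
    "pid": (
        "import os, json\n"
        "def main(pipe):\n"
        "    with open(pipe, 'w') as p:\n"
        "        json.dump({'pid': os.getpid()}, p)\n"
    ),
    "cwd": (
        "import os, json\n"
        "def main(pipe):\n"
        "    with open(pipe, 'w') as p:\n"
        "        json.dump({'cwd': os.getcwd()}, p)\n"
    ),
}


def register_command(name, source):
    """Add a command at runtime; nothing in the core changes."""
    PLUGIN_COMMANDS[name] = source


def _reader(pipe_path, sink):
    # Blocking open pairs with the command's open-for-write; then read to EOF.
    with open(pipe_path) as p:
        sink.append(p.read())


def _in_process(source, pipe_path, errors):
    try:
        ns = {}
        exec(source, ns)          # load the command body into this process
        ns["main"](pipe_path)
    except Exception as e:        # surface failures to the dispatcher
        errors.append(repr(e))


def run_command(name, context="new_process", timeout=10.0):
    """Run a registered command in the chosen context; return its parsed result.

    context "in_process":  same interpreter, on a worker thread.
    context "new_process": a fresh interpreter (where a real agent would also
                           pick a different user or an injection target).
    The result path is identical in both cases: the named pipe.
    """
    source = PLUGIN_COMMANDS[name]
    workdir = tempfile.mkdtemp()
    pipe_path = os.path.join(workdir, "cmd-" + uuid.uuid4().hex)
    os.mkfifo(pipe_path, 0o600)   # owner-only: other local users cannot attach
    sink, errors = [], []
    reader = threading.Thread(target=_reader, args=(pipe_path, sink), daemon=True)
    reader.start()
    try:
        if context == "in_process":
            worker = threading.Thread(
                target=_in_process, args=(source, pipe_path, errors), daemon=True)
            worker.start()
            worker.join(timeout)
        elif context == "new_process":
            proc = subprocess.run(
                [sys.executable, "-c", source + "\nimport sys\nmain(sys.argv[1])\n", pipe_path],
                capture_output=True, text=True, timeout=timeout)
            if proc.returncode != 0:
                errors.append(proc.stderr.strip())
        else:
            raise ValueError("unknown context: " + context)
        if not errors:
            reader.join(timeout)  # a command that never opened the pipe leaves this waiting
        if errors or reader.is_alive():
            raise RuntimeError("command %r failed: %s" % (name, errors or "no output on pipe"))
        return json.loads(sink[0])
    finally:
        os.unlink(pipe_path)
        os.rmdir(workdir)


if __name__ == "__main__":
    print("in-process :", run_command("pid", "in_process"))
    print("new process:", run_command("pid", "new_process"))
    print("cwd        :", run_command("cwd"))
```

The core's `run_command` is the only fixed piece; everything under `PLUGIN_COMMANDS` can be replaced or extended at runtime, and a command cannot tell, from the pipe alone, which context it was launched in. The failure branch matters in practice: a command that dies before connecting to the pipe would otherwise leave the core waiting indefinitely, so the dispatcher bounds the wait and reports the error.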