Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel

ID COALFIRE:0EB5E5764E4586D57AFA5543002A17D5
Type coalfire
Reporter The Coalfire Blog
Modified 2019-06-19T19:31:19


As a penetration tester at Coalfire Labs, I frequently use exploitation frameworks such as Metasploit or PowerShell Empire to perform post-exploitation actions on compromised endpoints. While anti-virus (AV) bypass and detection avoidance is often trivial in all but the most mature environments, detections from AV have caused me to look toward custom tooling to mitigate the risk of being detected by both traditional AV as well as security operations teams relying on network indicators. Over the past year I've been slowly developing my own tooling to deal with these challenges.