Introduction
I recently began exploring the inner workings of the Sliver C2 framework after completing the “Sliver C2: Pentesting and Evasion” course by Tyler Ramsbey (Senior Security Engineer and Lead Instructor at TCM Academy). His course provided a massive spark of inspiration, demystifying how modern Command and Control (C2) frameworks operate and how they can be tuned to bypass Antivirus (AV) solutions. While Sliver is an incredible Go-based tool, I wanted to test the limits of my own development skills. This project started as an exploration of the fundamental mechanics of evasion. Using the practical insights from Tyler’s teachings, I decided to build my own C2 agent and server, written entirely in Python. ...
Threat Hunting with Splunk Part 1 - Website Defacement
The Scenario
Today is Alice’s first day at the Wayne Enterprises Security Operations Center (SOC). Lucius Fox has just dropped a memo from the Gotham City Police Department (GCPD) on her desk. The Intel: Evidence found on Pastebin suggests that www.imreallynotbatman.com, hosted on Wayne Enterprises’ infrastructure, has been compromised by the Po1s0n1vy APT group. Their goal? Defacement and embarrassment. Your mission is to validate the compromise, trace the attack vector, and reconstruct the timeline using Splunk. ...