Faction – C2 Framework

Faction is a C2 framework for security professionals, providing an easy way to extend and interact with agents. It focuses on providing an easy, stable, and approachable platform for C2 communications through well documented REST and Socket.IO APIs.

Faction was developed with a heavy focus on being modular, allowing it to be flexible enough to serve a variety of needs. Because of this, there are few things about Faction that are different from a standard C2 platform.

  1. While the Faction team has released a .NET agent for Faction, is not THE Faction agent. Faction was designed to interact with any agent that speaks its language. This means that you can easily create your own agent for Faction either for your internal team or the world at large.

  2. You can create an entirely stand alone agent with all its functionality baked in, but agents greatly benefit when they can load Faction modules. These modules are stand alone libraries or code that bring new commands and features to an agent. An important aspect of Faction modules is that they are designed to be language specific, not agent specific. For example, any agent that can load the .NET runtime can leverage Faction’s .NET modules.

  3. In most engagements, you’re not going to have your agents connecting back directly to your C2. Faction was designed with redirects in mind in the form of Transport Servers. Transport Servers sit between Faction and your agent and handle masking your communications, and since Faction is all API based, these servers can be written in whatever language you’re most comfortable in.

Instead of one large monolithic application, Faction is designed loosely around a micro services architecture. Functionality is split into separate services that communicate through message queues. This approach provides several advantages, most important of which is allowing users to quickly be able to learn how the system operates.

Faction consists of four main services:

  • Console: The Faction console is a javascript application that interacts with the Faction API. It can be accessed with any modern browser and serves as the operational entry point to the system.

  • API: The API is the how users, agents, and anything else interacts with Faction.

  • Core: The Core service handles all user and agent messaging, including processing user commands and handling encrypting/decrypting agent messages.

  • Build Servers: Build Servers handle building payloads and modules. They are language specific, allowing Faction to be easily extended to support new languages. Currently Faction supports .NET payloads and modules.

In addition to these services, Faction also relies on RabbitMQ for communication between services and PostgreSQL for data storage.


Installing Faction and usage can be found here

Source : Haxf4rall

Previous ArticleNext Article
Send this to a friend