Cyber security

NimPlant C2 : A Position Independent Code (PIC) Beacon

NimPlant C2 is a minimal Proof-of-Concept (PoC) beacon written in C, designed to operate as truly Position Independent Code (PIC) without relying on reflective loaders.

Developed by Tijme Gommers, this project showcases a beacon that is significantly smaller in size compared to traditional NimPlant beacons with reflective loaders, weighing in at approximately 30KB versus 800KB.

Key Features

  • Position Independent Code (PIC): The beacon is compiled directly to PIC, allowing it to execute without fixed addresses. This is achieved by manually resolving imports and storing required data on the stack.
  • AES Encryption: Data passed via JSON is encrypted using AES, enhancing security.
  • Command Support: Currently supports several implant commands, including cat, cd, cp, ls, pwd, and whoami. Future development aims to add support for additional commands like mv, shell, and others.
  • Metadata Retrieval: Capable of retrieving metadata and sending it back to the NimPlant server.
  1. Clone the Repository: Start by cloning the NimPlant C2 repository.
  2. Install Dependencies: Ensure you have MinGW installed.
  3. Modify Settings: Adjust implant settings in the main function located in ./src/main.c as needed.
  4. Compile: Use the make command to compile the code.
  5. Usage: Load the generated shellcode.bin using a shellcode loader of your choice. An example loader is the Kong Loader, set to be released at BlackHat Asia in April 2025.

This project is currently in its early stages and is not production-ready.

Future enhancements include adding support for all implant configuration options, implementing jitter for sleep, and improving opsec measures such as string obfuscation.

Additionally, the project aims to achieve low coupling and high cohesion in its design.

NimPlant C2 is released under the GNU General Public License, version 2.0. Contributions and feature requests can be submitted via the issue tracker.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

2 hours ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

2 hours ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

1 day ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

2 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

3 days ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

3 days ago