Skyler Onken edited this page Mar 11, 2015 · 21 revisions

Welcome to the Insurgent Framework wiki!

This wiki will serve as a users guide, but most of the content will be written for developers looking to implement their own modules.

### Table of Contents

- Installation
- Compatibility
- Basic Usage
- Under the Hood
- Module Development

### Concept

The idea for the Insurgent Framework came from brainstorming CTF-style training scenarios that were to combine incident response, network forensics and penetration testing into a single storyline. As a result I started to develop some simple Python botnet code with the intent of having the players discover the activity, analyze the network traffic (or gain access to infected machines), and then build a script that could be used to disable the bots or hijack their C2. Realizing that I would want to quickly adjust these bots and make different variants for future scenarios, I decided to adopt a more modular approach. As with many coding projects, the scope began to creep as quickly as a Zerg invasion. The result is the Insurgent Framework.

### Priorities

  1. Modularity
  2. Capability
  3. Compatibility
  4. Portability
  5. Forensically Sound

Some people wonder why forensically sound is our last priority. The original intent of this project was based more on network traffic and bot interaction than on malware analysis and pen testing. However, we understand that a lot of people will be interested in using it for those reasons. Down the road I anticipate that we will follow the pattern the Veil Evasion Framework set for AV evasion, using a custom-built executable skeleton in PyInstaller.

### Why "Insurgent"?

Besides its dictionary definition being directly applicable, the framework is trying to create an agile and flexible way for individuals to implement and quickly generate a variety of customized, simple and effective bots. Insurgencies today seem to follow a similar approach in that they are tailored to their cause, adapt quickly to enable their spread, and are remarkably effective. Although it is rather easy to take out an individual or small group, others can appear just as quickly and adjust their tactics just enough to require a reactive strategy to defeat them.
