Slingshot is a post-exploitation agent used by red teams to conduct advanced network cyber-operations. The agent is written in C++ and the listening post/server is written in Python 3. It is designed and architected with stealth in mind, enabling operators to emulate sophisticated adversaries. It also increases the speed and efficiency of advanced operations through its Python scripting engine and fluid interface.
Take Post-Exploitation Ops to the Next Level
Extensible and Modular
Slingshot can load and execute PowerShell scripts and .NET assemblies in memory, extending functionality and automating routine tasks. Scripts and assemblies are loaded and executed so as to bypass AMSI and script block logging.
Slingshot has malleable communication profiles, meaning operators can quickly and easily modify detailed aspects of the C2 traffic including HTTP headers, POST/GET pages and parameters, compression, connection wait times, and much more.
Python Scripting Engine
The Slingshot LP (listening post) is built in Python 3. Operators can easily build and run custom Python 3 based scripts on targets to analyze command output, conduct host pivots, collect target data, or perform virtually any command in an automated fashion.
Windows API Integration
Sooooo many routine operator commands have been integrated directly into Slingshot through the use of Windows APIs. This allows operators to maintain operational security by staying out of the process list and avoiding the use of cmd.exe.
All commands and corresponding output are logged and timestamped. This allows red and blue teams to analyze target data, align timelines, and develop targeted operation plans.
Slingshot is developed by Silent Break Security and is used continually in cyber operations. Development is constant as new features and improvements are pushed to the production version. Got ideas? We want to hear them!
Fluid, Efficient Ops
- Upload and download files
- Python scripting
- 4 scripted pivoting techniques
- Scheduled task API integration
- In-memory keylogger
- End-to-end encryption with key exchange
- In-memory execution of PowerShell scripts
- Capture desktop screenshots
- In-memory execution of .NET assemblies
- SOCKS proxying
- Full Mimikatz integration
- Service controller API integration
- File management (cd, mv, ls, etc.)
- SMB named pipe pivoting
- Configurable TTPs and communication profiles
- Capture webcam snapshots
Frequently Asked Questions
- I took the Dark Side Ops training and already have Slingshot. Is this version different?
Yes! The version of Slingshot in RTT is much more functional. Just see the features list above, or contact us for more details.
- Does RTT include source code?
The Slingshot LP (i.e., the server) source code is included in RTT. The Slingshot agent (i.e., the client) consists of several compiled binaries, patched with callback domain data.
- We already have tool xyz! Why do we need another red team tool?
Maybe you don’t! There are some great red team tools out there and if you’re able to conduct adversary simulations without getting caught using your current tool chain, then great! We believe offense-in-depth is a necessary part of effective operations, and that the features and capabilities included in RTT are absolutely worth it.