RED TEAM TOOLKIT
Slingshot is a post-exploitation agent used by red teams to conduct
advanced network cyber-operations
Take Post Exploitation Ops To The Next Level
Slingshot was architected and built with an opsec-first mentality,
enabling operators to more accurately emulate sophisticated
adversaries. What does this mean? This means ZERO process creation
on operations. This means malleable network comms. This means
SYSCALL process injection. This means in-memory string encryption.
This means C2 data obfuscated in legitimate HTML traffic. For teams
looking to step up their operational capabilities, Slingshot is a
The agent is written in C++ and the listening post/server is written in Python 3. It is designed and architected with stealth in mind, enabling operators to emulate sophisticated adversaries. It also increases the speed and efficiency of advanced operations through its Python scripting engine and fluid interface.
Extensible And Modular
Slingshot can load and execute PowerShell scripts and .NET assemblies in-memory extending functionality and automating routine tasks. Scripts and assemblies get loaded and executed to bypass AMSI and script block logging.
Slingshot has malleable communication profiles, meaning operators can quickly and easily modify detailed aspects of the C2 traffic including HTTP headers, POST/GET pages and parameters, compression, connection wait times, and much more.
Python Scripting Engine
The Slingshot LP (listening post) is built in Python 3. Operators can easily build and run custom Python 3 based scripts on targets to analyze command output, conduct host pivots, collect target data, or perform virtually any command in an automated fashion.
Windows API Integration
Many routine operator commands have been integrated directly into Slingshot through the use of Windows APIs. This allows operators to maintain operational security by avoiding appearing in the process list or the use of cmd.exe.
All commands and corresponding output are logged and timestamped. This allows red and blue teams to analyze target data, align timelines, and develop targeted operation plans.
Slingshot is developed by the Silent Break Security and used in cyber operations continually. Development is constant as new features and improvements are pushed to the production version. Got ideas? We want to hear them!
Stealthy, Efficient Ops
– Upload and download files
– Python scripting
– 4 scripted pivoting techniques
– Scheduled Task API integration
– In-memory keylogger
– End-to-end encryption with key exchange
– In-memory execution of PowerShell scripts
– Capture desktop screenshots
– In-memory execution of .NET assemblies
– SOCKS proxying
– Full Mimikatz integration
– Service controller API integration
– File management (cd, mv, ls, etc.)
– SMB named pipe pivoting
– Configurable TTPs and communication profiles
– Capture webcam snapshots
I took the Dark Side Ops training and already have Slingshot. Is this version different?
Yes! The version of Slingshot in RTT is much more functional. Just see the features list above, or contact us for more details.
Does RTT include source code?
The Slingshot LP (e.g. server) source code is included in RTT. The Slingshot agent (e.g. client) consists of several compiled binaries, patched with callback domain data.
We already have tool xyz! Why do we need another red team tool?
Maybe you don’t! There are some great red team tools out there and if you’re able to conduct adversary simulations without getting caught using your current tool chain, then great! We believe offense-in-depth is a necessary part of effective operations, and that the features and capabilities included in RTT are absolutely worth it.
What does it cost?
RTT licenses cost $7,000 per user for the first year. Subsequent license renewals cost $3,500 per user per year.
Do you offer volume discounts?
Yes! Send us an email and we’ll help you out with custom pricing.
Can I get a demo? How about a trial?
Sure! Contact us to setup a demo or ask any additional questions. Also check out our YouTube Channel for videos showcasing the latest features and functionality. Currently, trial licenses are not provided.
Is there documentation? How about tutorials?
Documentation is maintained in the RTT Client Portal. It includes detailed tool usage and functionality, Slingshot Python scripting examples, and license information. Tutorials can be found on our YouTube Channel.