Slingshot is a Windows post-exploitation agent used by red teams to conduct advanced network cyber-operations. The agent is written in C++ and the listening post/server is written in Python 3. It is designed and architected with stealth in mind, enabling operators to emulate sophisticated adversaries. It also increases the speed and efficiency of advanced operations through its Python scripting engine and fluid interface.
Take Post-Exploitation Ops to the Next Level
Extensible and Modular
Slingshot can load and execute PowerShell scripts and .NET assemblies in-memory extending functionality and automating routine tasks. Scripts and assemblies get loaded and executed to bypass AMSI and script block logging.
Slingshot has malleable communication profiles, meaning operators can quickly and easily modify detailed aspects of the C2 traffic including HTTP headers, POST/GET pages and parameters, compression, connection wait times, and much more.
Python Scripting Engine
The Slingshot LP (listening post) is built in Python 3. Operators can easily build and run custom Python 3 based scripts on targets to analyze command output, conduct host pivots, collect target data, or perform virtually any command in an automated fashion.
Windows API Integration
Sooooo many routine operator commands have been integrated directly into Slingshot through the use of Windows APIs. This allows operators to maintain operational security by avoiding appearing in the process list or the use of cmd.exe.
All commands and corresponding output are logged and timestamped. This allows red and blue teams to analyze target data, align timelines, and develop targeted operation plans.
Slingshot is developed by the Silent Break Security and used in cyber operations continually. Development is constant as new features and improvements are pushed to the production version. Got ideas? We want to hear them!
Fluid, Efficient Ops
- Python server-side automation
- 4 scripted pivoting techniques
- Scheduled Task management
- In-memory keylogger
- Native SysCall broker for direct kernel calls
- End-to-end encryption with key exchange
- In-memory PowerShell script execution
- In-memory .NET assembly execution
- Desktop screenshots and webcam captures
- Full Mimikatz integration
- SOCKS and reverse port forwarding module
- WMI integration (Queries, execution, etc.)
- Service Controller management
- Registry management
- File management (cd, mv, ls, upload, download, etc.)
- SMB communications
- Configurable TTPs and C2 profiles
- Configurable process injection techniques
Frequently Asked Questions
I took the Dark Side Ops training and already have Slingshot. Is this version different?
Yes! The version of Slingshot in RTT is much more functional. Just see the features list above, or contact us for more details.
Does RTT include source code?
The Slingshot LP (e.g. server) source code is included in RTT. The Slingshot agent (e.g. client) consists of several compiled binaries, patched with callback domain data.
We already have tool xyz! Why do we need another red team tool?
Maybe you don’t! There are some great red team tools out there and if you’re able to conduct adversary simulations without getting caught using your current tool chain, then great! We believe offense-in-depth is a necessary part of effective operations, and that the features and capabilities included in RTT are absolutely worth it.
What does it cost?
RTT licenses cost $7,000 per user for the first year. Subsequent license renewals cost $3,500 per user per year.
Do you offer volume discounts?
Yes! Send us an email and we’ll help you out with custom pricing.
Can I get a demo? How about a trial?
Sure! Contact us to setup a demo or ask any additional questions. Also check out our YouTube Channel for videos showcasing the latest features and functionality. Currently, trial licenses are not provided.
Is there documentation? How about tutorials?
Documentation is maintained in the RTT Client Portal. It includes detailed tool usage and functionality, Slingshot Python scripting examples, and license information. Tutorials can be found on our YouTube Channel.