(original) (raw)

Backend & Frontend Plugins

Server and client extensible via user plugins

Minimal via 3rd party agents and External C2

Constrained or unintuitive External C2 only

Agent Architecture

Fully Position Independent, no Reflective DLL Loading

Uses Reflective DLL Loading (sRDI / RDLL)

Uses Reflective DLL Loading

Extension System

Select features at build and runtime, unload when done

Not supported

Dynamic Channel Switch

Switch C2 channels (DNS, HTTP, SMB) at runtime

Requires spawning a new session

Channels are baked in, not dynamic

Hot Swappable C2 Profile

Switch C2 profiles (e.g. HTTP, DNS, DoH, DoT) at runtime

Requires spawning a new session

Similar feature offered

Feature Hooking

Extend or hook internals for evasion in a documented way

Requires modifying agent source code

User Defined Reflective Loader, limited exposure

Scripting Capabilities

Full Python scripting: extensions, BOFs, automation, UI

Bare bones, only new commands supported

JSON configs or bare bones scripting, some offer none

E2E Encryption

X25519 key exchange + ChaCha20-Poly1305 encryption

AES only

AES or RC4 symmetric encryption

SOCKS5 & Reverse Port Forwarding

Stable tunnels with UDP ASSOCIATE and full IPv6 support

Working SOCKS5 and Reverse Port Forwarding

UDP ASSOCIATE support sometimes missing

Binary Obfuscation

Custom per-customer bin2bin compiled binary, unique signatures

Not available

Async Beacon Object Files

Supports standard BOFs and Async BOFs, minimal changes needed

Standard BOFs only

Varies, may require full tooling rewrite

Adaptive BOF Evasion

Auto-applies stack spoofing, memory stomping to BOF execution

Not available

Varies, operator may need to pass functions manually

VM Based Post-Exploitation

VM tech for post-ex without allocating executable memory regions

Not available