Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool

tl;dr Evade network detection during a penetration test/red team exercise by using a protocol that existing tools aren’t equipped to understand or inspect. Merlin is post-exploitation tool that is easily cross-compiled to run on any platform to achieve command and control of a host.

Background

Encryption

Evasion

Merlin

Merlin Server

Merlin Server Banner
Merlin Agent Check In and Agent List
Merlin Server Main Menu Tab Completion
Merlin Server Agent Info Command Tab Completion
Merlin Agent Information

Merlin Agent

Merlin Agent Windows PowerShell Command
Merlin Agent Linux Python Command
Merlin Agent MacOS Command
Merlin Orphaned Agents Re-Initializing

Conclusion