Stealth Execution Engine
Stealth payload delivery and fallback C2 infrastructure for red team operations.
What It Does
Executes Living Off The Land Binaries (LOLBAS) for payload delivery, generates self-contained script droppers, operates Discord webhook-based C2 channels, establishes DNS tunnel exfiltration paths, creates reverse SSH tunnels for C2 relay, sets up Cloudflare C2 fronting to mask traffic, and manages Sliver C2 agent deployment. Zero-compilation approach — pure Python and shell scripting.
Scripts
| Script | Description |
|---|---|
lolbas_exec | LOLBAS execution — certutil, mshta, regsvr32, msiexec payload delivery methods |
script_dropper | Self-contained script dropper generation with configurable payload embedding |
discord_c2 | Discord-based C2 using webhook channels for command and data exfiltration |
dns_tunnel | DNS tunneling setup — iodine-based covert channels for data exfiltration |
reverse_ssh_tunnel | Reverse SSH tunnel establishment for C2 relay through bastion hosts |
cf_c2_front | Cloudflare Workers-based C2 fronting — domain fronting and origin masking |
sliver_ops | Sliver C2 agent deployment and operator commands for EDR-safe operations |
When to Use
Use when primary C2 infrastructure (Adaptix) is unavailable, or when the target environment requires stealthy, living-off-the-land delivery. Run lolbas_exec for initial payload delivery, then establish C2 via discord_c2 or cf_c2_front.
Usage
RedTeamScript(skill="stealth-execution-engine", script="lolbas_exec", args="--payload beacon.bin --method certutil --target win-target")