redsails – post-exploitation tool aimed at bypassing host based security monitoring and logging
A post-exploitation tool capable of:
- maintaining persistence on a compromised machine
- subverting many common host event logs (both network and account logon)
- generating false logs / network traffic
Based on [PyDivert] (https://github.com/ffalcinelli/pydivert), a Python binding for WinDivert, a Windows driver that allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack.
Built for Windows operating systems newer than Vista and Windows 2008 (including Windows 7, Windows 8 and Windows 10).
Redsails has dependencies PyDivert and WinDivert. You can resolve those dependencies by running:
Pycrypto is also needed.
Pycrypto may have a dependency on [Microsoft Visual C++ Compiler for Python 2.7] (https://aka.ms/vcpython27)
Server (victim host you are attacking)
Or if the victim does not have python installed, you can run provided exe (or compile your own! instructions below)
To compile an exe (for deployment) inlieu of the python script, you will need pyinstaller:
Then you can create the exe: