
IC2 is a decentralized penetration testing framework that enables secure P2P communication between Clients and Implants via WebRTC, eliminating traditional C2 infrastructure. Designed for stealth and resilience, it enhances red teaming and adversary simulation by bypassing network-based detection with encrypted, real-time data exchange.


varocarras/IC2


IC2 - P2P RTC Penetration Testing Framework

⚠️ Disclaimer: For Research & Educational Use Only ⚠️

IC2 is a powerful penetration testing framework designed for security research and adversary simulation. This tool includes functionality capable of bypassing Windows Defender mechanisms, executing payloads, and exfiltrating sensitive data. Due to its offensive capabilities, IC2 should only be deployed in controlled, isolated, and virtualized environments. Unauthorized or malicious use of this framework may violate legal and ethical guidelines. Users are responsible for ensuring compliance with applicable laws and obtaining proper authorization before executing tests. The developers assume no liability for misuse.

Introduction

  • This penetration testing framework was developed to help launch an attack, both anonymously and efficiently, without the need to deploy a permanent C2.
  • The framework can create a unique payload that communicates with the client directly through RTC.
  • When the client is out of reach, the P2P network allows the Implant to communicate with others to self-update and share useful data that has not yet been transferred.
  • The client is a website that runs on localhost. Once you connect to it, it starts communicating with implants.
  • Because the communication protocol is RTC, the Client can be deployed on any public network without port forwarding, which makes it well suited to running on public networks.

Functionality

  • Once executed, the payload attempts to create persistence on the machine and set up a working directory. It then attempts to initiate the connection to the client.

  • The Implant's life cycle is described below: [image: lifecycle]

  • The implant includes the following functionality:

    • System Info
    • Command shell
    • Steal credentials
    • Steal data
    • Drop .exe (base64 strings)
    • Display video
    • Popup message
  • The Client/C2 includes the following functionality:

    • Friendly GUI
    • Individual implant control panel
    • Host scripts in base64 string

User Interface

Current

[image: current]

Upcoming

[image: upcoming]

Sources

Presentation

  • You can find the presentation here

Demo video

  • Demo Malware.mp4

Diagrams

[image: first] [image: second]

Collaboration

  • Alvaro: Led the development of the implant, core functionality, and system integrations.
  • Aidan: Contributed to theoretical research, documentation, and overall project structuring.
