Backdooring PuTTY — PE Injection & C2 Beacon Delivery

Manual PE backdooring from scratch: code cave injection, new section addition, XOR evasion, and Adaptix C2 beacon delivery inside a legitimate PuTTY binary.

March 8, 2026 · 19 min · MrAzoth

GHOUL C2

Overview: GHOUL is an educational Command & Control (C2) framework built on top of the Discord REST API. The project covers the full stack: a Windows agent written in C, and an operator bot written in Python using discord.py. The goal was to build something that goes beyond a toy example — implementing real techniques used by modern implants, with every design decision documented and explained. The result is a working C2 with encrypted beaconing, multiple AV/EDR evasion layers, and a per-agent interactive shell system, all over a transport that blends into normal network traffic. ...

February 25, 2026 · 13 min · MrAzoth