You're sitting there behind the glow of a laptop screen. You setup your C2 infrastructure, you have your phishing pretext carefully crafted, and you generate a payload. You fire off the payload and boom, you get a shell. You start your "got shell dance", then look closer. This isn't your target! You look deeper into what happened and discover your target forwarded the email to their home email and opened on their home computer. Or even worse, your payload was sent to Virus Total and was executed in a sandbox. Now you need to re-setup your C2, re-craft your phishing emails, and find a new target. Hours wasted, that could have been saved.

Last month at aRcTicCON in Minnesota Matt Hand and I released a tool we spent a good part of the year developing and using on Red Team engagements, Spotter! (

Spotter is a tool to wrap payloads in environmentally-keyed, AES256-encrypted launchers. These keyed launchers provide a way to ensure your payload is running on its intended target, as well as provide a level of protection for the launcher itself.
This tool is designed to let you choose your payload and your delivery method and is simply a wrapper for protecting your payload and ensuring the execution of the payload only occurs on the intended target. Check it out, let us know what you think!

Popular Posts