Community Edition Download Flagged As Malware


Go to solution Solved by dark_pyrro,

Recommended Posts

  • Solution

What product was detecting it as malware, and did it provide any information on why it was detecting it?

The text below is from a quite recent post by the Hak5 head dev of Cloud C2

"Question: "C2 cloud download from hak5 says it has malware"

Answer:
**TLDR; it's a false positive. CloudC2 contains no malware nor anything malicious.**

This is unfortunately (and ironically) a side effect of providing our software in an *easily accessible zip for all architectures*.

This arbitrary determination by random AV scanners is unfortunate and **nearly impossible to combat.** AV detection is a game of "if my AV detects it and yours doesn't, mine is better", so even false positives spread like wildfire. Understandably so, because in the case where something is actually malicious this protects more users more quickly (something we can all appreciate).

So what nuance are these AV companies missing in their determination of Cloud C2? 
Architecturally Cloud C2 is designed to **only communicate with Hak5 devices**; there is no way to even abuse Cloud C2 to provide access to even the host it's running on. The executables don't even communicate with the host machine they run on -- this is both by design and for your privacy and security; *Cloud C2 is effectively a sandbox*.

We expressly provide the sha256sum of the archive, and within the archive a list of sha256sums of each individual binary so that you can be sure they haven't been intercepted or tampered with. Each binary is built and tested by us in house from the same codebase and then provided to the user via our own hand built infrastructure so that you can be sure no one is able to alter the software nor track you.


**In even more detail:**
The combination of features Cloud C2 provides, from a *blindly heuristic perspective*, has just fooled many scanners into a **false positive**; looking to naive data models that it "could be used maliciously" due to the fact that it:
- requires a token and a license key to access; providing security and ensuring you're the only one who can complete the setup process
- contains a self contained web server that can communicate in a custom protocol scanners have never heard of and don't understand (expressly so that your Hak5 devices are secure when using Cloud C2)
- supports https and uses aes256 to communicate with Hak5 devices, making traffic uninspectable
- contains an ssh server so you can remotely shell in (only) to your registered devices with a single click
- supports one click OTA updates as a self updating binary
- contains a cross platform compatible database architecture
- contains a fully built-in web ui (which would appear as an embedded file system)
- supports user accounts with fully configurable role based access control for your data security
- supports full audit level internal logging of requests made to your server and actions taken by your server users
**All with zero external dependencies packaged into a single executable.**

The **only communication Cloud C2 server makes**:
- directly with your Hak5 devices you've explicitly registered with your server,
- to validate the license and only the license information.
"

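The quoted answer's concrete advice is to check the published sha256 of the archive and the per-binary sha256 list inside it. The script below is an added example of that check, not Hak5's own tooling or anything from the Cloud C2 download: the binary names (c2-linux, c2-darwin), the checksum-list name (SHA256SUMS) and the "hash  path" line format are assumptions standing in for whatever the real release ships, and the demo builds a throwaway fixture so it runs offline.

```shell
#!/bin/sh
# Added example (not Hak5's tooling): verify a downloaded archive against a
# published sha256, then verify every binary inside it against the per-file
# checksum list shipped in the archive. Names and list format are assumptions.
set -eu

# Portable sha256: GNU coreutils on Linux, shasum on macOS/BSD.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_archive ARCHIVE EXPECTED_HEX
# 0 when the archive digest equals the value published on the download page.
verify_archive() {
    actual=$(sha256_of "$1")
    if [ "$actual" = "$2" ]; then
        echo "archive OK: $1"
        return 0
    fi
    echo "archive MISMATCH: $1 expected=$2 actual=$actual" >&2
    return 1
}

# verify_contents DIR LISTFILE
# LISTFILE holds "<hex sha256>  <relative path>" lines (sha256sum format).
# Every listed file must exist and match; returns 1 if any does not.
verify_contents() {
    dir=$1; list=$2
    status=0
    while read -r expected path; do
        [ -n "$expected" ] || continue
        f="$dir/$path"
        if [ ! -f "$f" ]; then
            echo "missing: $path" >&2; status=1; continue
        fi
        actual=$(sha256_of "$f")
        if [ "$actual" = "$expected" ]; then
            echo "OK: $path"
        else
            echo "MISMATCH: $path" >&2; status=1
        fi
    done < "$list"
    return $status
}

# Self-contained demo on a constructed fixture (no network, no real release):
# build a fake release dir and matching SHA256SUMS, tar it, verify it clean,
# then tamper with one binary and confirm the per-file check now fails.
# Returns 0 only if both the clean pass and the tamper detection behaved.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/release"
    printf 'constructed fake linux binary\n'  > "$work/release/c2-linux"
    printf 'constructed fake darwin binary\n' > "$work/release/c2-darwin"
    ( cd "$work/release" && for f in c2-linux c2-darwin; do
          printf '%s  %s\n' "$(sha256_of "$f")" "$f"
      done ) > "$work/release/SHA256SUMS"
    tar -C "$work" -cf "$work/release.tar" release
    # Stand-in for the value printed on the vendor's download page.
    published=$(sha256_of "$work/release.tar")

    if ! verify_archive "$work/release.tar" "$published"; then rm -rf "$work"; return 1; fi
    if ! verify_contents "$work/release" "$work/release/SHA256SUMS"; then rm -rf "$work"; return 1; fi

    printf 'tampered bytes\n' >> "$work/release/c2-linux"
    if verify_contents "$work/release" "$work/release/SHA256SUMS" 2>/dev/null; then
        rm -rf "$work"; return 1   # tampering went undetected: that is a failure
    fi
    rm -rf "$work"
    return 0
}

demo && echo "clean release verified, tampered binary detected"
```

One caveat when applying this to a real download: the SHA256SUMS list inside the archive only proves the archive is internally consistent; what ties the bytes to the vendor is the archive digest you obtained separately from the download page over HTTPS, so compare that value first, and only then trust the embedded list.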