Brute Ratel C4

Brute Ratel C4 (BRC4) is a command and control center tailored for red teaming and adversary simulation. It distinguishes itself through its focus on bypassing endpoint detection and response (EDR) systems.

Key features include:

• DNS Over HTTPS: Facilitates the use of new domains without domain fronting, providing a backup HTTPS profile option.
• External C2 Channels: Supports custom external C2 channels over platforms like Slack, Discord, and Microsoft Teams.
• Indirect Syscalls: Offers process injection capabilities with options to switch between WinAPI, NTAPI, and Syscalls.
• Built-in Debugger: Detects EDR userland hooks using syscall obfuscation and debugging techniques.
• MITRE ATT&CK Graph: Integrates a MITRE ATT&CK graph for built-in commands.
• Ldap Sentinel: Provides a GUI for LDAP queries.
• Multiple C2 Channels: Supports SMB, TCP, WMI, and WinRM pivoting.
• Automated TTPs: Automates adversary tactics, techniques, and procedures (TTPs) using C#, BOFs, PowerShell, and Reflective DLLs.
• Evasion Capabilities: Includes stack frame chaining, indirect system calls, shellcode section hiding, sleeping masking, EDR unhooking, ETW evasion, thread stack encryption, and more.

BRC4 is designed for red teams and penetration testers who require advanced evasion techniques and flexible C2 options to simulate real-world adversary behavior.