This is the repository for StoneKeeper, an experimental command-and-control (C2) framework built for EDR evasion research.
I originally had big plans for this project with intentions to sell it and make it something great. Long story short, I realized this was not the route I wanted to take and it would be an uphill battle. I was quickly humbled by pre-existing work and realized features I wanted to implement such as malleability were going to take a lot more work than I originally anticipated. I work full time and I just do not have the time to make this what I once planned on, so I am releasing it to the public as a research opportunity and project.
In my opinion the code base contains some good examples of modern Windows malware tactics, including undocumented sleep obfuscation, DLL unhooking and heap encryption, and there is a lot to learn from it. The project is neutered on purpose and is not intended to work out-of-the-box; it is unfinished. I figured it would be better to release it than to let it sit any longer in my archives.
This was my first C2 project, worked on in my free time whenever I got the chance. I did not have the guidance or input of anyone when building it; it was simply a fun research project for learning malware and C2 development. I made a lot of mistakes along the way, but I also learned a ton about Windows malware and C2 development.
The author of this project assumes no liability for actions taken with this project. It is intended for research purposes only.