Registering implants
Implants must have separate registration and operation endpoints. This is required so that authentication happens properly. These endpoints can be changed or configured in your monarch.yaml file in ~/.monarch.
To be registered, an implant (or a profile on behalf of an implant) must authenticate to the registration endpoint using the agent_id it was compiled with. If a developer chooses, they can send additional information about the compromised host, namely:
{
  "agent_id": "string",
  "os": "string",
  "arch": "string",
  "username": "string",
  "hostname": "string",
  "uid": "string",
  "gid": "string",
  "pid": "string",
  "home_dir": "string"
}
The structure in the data field is explained on the next page.