Registration
Last updated
Last updated
Registration is defined as the first time an agent connects to a server to authenticate. Each connection is given a token that runs on a time limit. If an operator hasn't administered a request for a period of time, the token will expire, resulting in a 401
response, and the agent will need to re-authenticate. Your agent must be capable of re-registering with the server, otherwise you will have to restart the binary itself.
Your implant should be able to handle several possible scenarios:
Server goes offline unexpectedly (connection-refused) - the implant should attempt to reconnect until it is able to establish a session again
The session expires (401) - the implant should authenticate at the registration endpoint once again.
The compromised machine restarts - assuming a persistence mechanism is already in place, the implant should know to re-register to the server.
Here is a simple logic example from an early version of '', Monarch's first implant integration written in Go.
The page goes into more detail about how registration and polling objects are structured.