Tool or Project Name: Shutter
Short Abstract:
The goal of Shutter is to manage Windows network stack communication via the Windows Filtering Platform (WFP). Management includes blocking or permitting traffic based on a remote IP address or on the executable that initiates or receives the traffic.
This is useful to blackhole event logging or defensive agent communication, or to explicitly permit specific executables to communicate when policy has previously restricted them.
Shutter installs its filters in an in-memory, non-persistent WFP session, without touching the Windows Firewall configuration or invoking the `netsh` command, thereby minimizing detection during long-haul red team operations.
As a generic mechanism for managing network traffic, it helps operators with:
- punching through firewalls without shutting them down
- not creating persistent rules
- evading reporting on `netsh` invocation
- blackholing EDRs and activity-supervising agents
- studying existing security providers, active filters and network endpoints involved in network communication
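To make the mechanism concrete, here is an added example written for this page; it is not Shutter's code and does not claim to mirror its internals. It opens a dynamic WFP session and adds two terminating Block filters at the outbound IPv4 connect layer: one keyed on the ALE app id of an executable, one keyed on a remote IPv4 address. Because the session is dynamic, the sublayer and both filters are removed by the Base Filtering Engine when the session closes (or the process dies), so nothing is written to persistent firewall policy and `netsh` is never invoked. Assumptions: x64 struct layouts hand-transcribed from fwpmtypes.h, the GUID and constant values as defined in fwpmu.h, and placeholder target path and IP (203.0.113.10 is TEST-NET-3). It must run elevated.

```csharp
using System;
using System.Net;
using System.Runtime.InteropServices;

// Added illustration, not Shutter's code. Blocks outbound IPv4 connections for one executable and for
// one remote address through a dynamic WFP session; all objects vanish when the session ends.
// Assumptions: x64 layouts, fwpmu.h constants/GUIDs, placeholder target path and IP. Run elevated.
class WfpDynamicBlock
{
    const uint FWPM_SESSION_FLAG_DYNAMIC = 0x1;   // objects added in this session die with the session
    const uint RPC_C_AUTHN_WINNT = 10;
    const uint FWP_ACTION_BLOCK = 0x1001;         // FWP_ACTION_FLAG_TERMINATING | 1
    const uint FWP_MATCH_EQUAL = 0;
    const uint FWP_EMPTY = 0, FWP_UINT32 = 3, FWP_BYTE_BLOB_TYPE = 12;
    static readonly Guid FWPM_LAYER_ALE_AUTH_CONNECT_V4 = new Guid("c38d57d1-05a7-4c33-904f-7fbceee60e82");
    static readonly Guid FWPM_CONDITION_ALE_APP_ID = new Guid("d78e1e87-8644-4ea5-9437-d809ecefc971");
    static readonly Guid FWPM_CONDITION_IP_REMOTE_ADDRESS = new Guid("b235ae9a-1d64-49b8-a44c-5ff3d9095045");

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct FWPM_DISPLAY_DATA0 { [MarshalAs(UnmanagedType.LPWStr)] public string name; [MarshalAs(UnmanagedType.LPWStr)] public string description; }
    [StructLayout(LayoutKind.Sequential)] struct FWP_BYTE_BLOB { public uint size; public IntPtr data; }
    // FWP_VALUE0 / FWP_CONDITION_VALUE0: type tag + 8-byte union slot (uint32 in the low bytes, or a pointer)
    [StructLayout(LayoutKind.Sequential)] struct FWP_VALUE0 { public uint type; public IntPtr value; }
    [StructLayout(LayoutKind.Sequential)]
    struct FWPM_SESSION0 { public Guid sessionKey; public FWPM_DISPLAY_DATA0 displayData; public uint flags;
        public uint txnWaitTimeoutInMSec; public uint processId; public IntPtr sid; public IntPtr username; public int kernelMode; }
    [StructLayout(LayoutKind.Sequential)]
    struct FWPM_SUBLAYER0 { public Guid subLayerKey; public FWPM_DISPLAY_DATA0 displayData; public uint flags;
        public IntPtr providerKey; public FWP_BYTE_BLOB providerData; public ushort weight; }
    [StructLayout(LayoutKind.Sequential)]
    struct FWPM_FILTER_CONDITION0 { public Guid fieldKey; public uint matchType; public FWP_VALUE0 conditionValue; }
    [StructLayout(LayoutKind.Sequential)] struct FWPM_ACTION0 { public uint type; public Guid filterType; }
    [StructLayout(LayoutKind.Sequential)]
    struct FWPM_FILTER0 { public Guid filterKey; public FWPM_DISPLAY_DATA0 displayData; public uint flags; public IntPtr providerKey;
        public FWP_BYTE_BLOB providerData; public Guid layerKey; public Guid subLayerKey; public FWP_VALUE0 weight;
        public uint numFilterConditions; public IntPtr filterCondition; public FWPM_ACTION0 action;
        public ulong rawContext; public ulong rawContextPad;   // 16-byte union { UINT64; GUID } on x64
        public IntPtr reserved; public ulong filterId; public FWP_VALUE0 effectiveWeight; }

    [DllImport("fwpuclnt.dll", CharSet = CharSet.Unicode)]
    static extern uint FwpmEngineOpen0(string serverName, uint authnService, IntPtr authIdentity, ref FWPM_SESSION0 session, out IntPtr engine);
    [DllImport("fwpuclnt.dll")] static extern uint FwpmEngineClose0(IntPtr engine);
    [DllImport("fwpuclnt.dll", CharSet = CharSet.Unicode)] static extern uint FwpmGetAppIdFromFileName0(string fileName, out IntPtr appId);
    [DllImport("fwpuclnt.dll")] static extern void FwpmFreeMemory0(ref IntPtr p);
    [DllImport("fwpuclnt.dll")] static extern uint FwpmSubLayerAdd0(IntPtr engine, ref FWPM_SUBLAYER0 subLayer, IntPtr sd);
    [DllImport("fwpuclnt.dll")] static extern uint FwpmFilterAdd0(IntPtr engine, ref FWPM_FILTER0 filter, IntPtr sd, out ulong id);

    static void Check(uint rc, string what) { if (rc != 0) throw new Exception($"{what} failed: 0x{rc:X8}"); }

    // FWP_UINT32 IPv4 condition values are host byte order: 203.0.113.10 -> 0xCB00710A
    static uint ToHostOrderV4(string dotted)
    {
        byte[] b = IPAddress.Parse(dotted).GetAddressBytes();
        return (uint)b[0] << 24 | (uint)b[1] << 16 | (uint)b[2] << 8 | b[3];
    }

    static FWPM_FILTER_CONDITION0 Cond(Guid field, uint type, IntPtr value) =>
        new FWPM_FILTER_CONDITION0 { fieldKey = field, matchType = FWP_MATCH_EQUAL, conditionValue = new FWP_VALUE0 { type = type, value = value } };

    // Adds one terminating Block filter at ALE_AUTH_CONNECT_V4 (outbound IPv4 connect) with the given conditions
    static ulong AddBlockFilter(IntPtr engine, Guid subLayer, string name, FWPM_FILTER_CONDITION0[] conds)
    {
        int sz = Marshal.SizeOf<FWPM_FILTER_CONDITION0>();
        IntPtr condPtr = Marshal.AllocHGlobal(sz * conds.Length);
        for (int i = 0; i < conds.Length; i++) Marshal.StructureToPtr(conds[i], condPtr + i * sz, false);
        var f = new FWPM_FILTER0
        {
            displayData = new FWPM_DISPLAY_DATA0 { name = name },
            layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4,
            subLayerKey = subLayer,
            weight = new FWP_VALUE0 { type = FWP_EMPTY },     // let BFE assign the weight within our sublayer
            numFilterConditions = (uint)conds.Length,
            filterCondition = condPtr,
            action = new FWPM_ACTION0 { type = FWP_ACTION_BLOCK }
        };
        uint rc = FwpmFilterAdd0(engine, ref f, IntPtr.Zero, out ulong id);
        Marshal.FreeHGlobal(condPtr);                          // BFE copies the filter; safe to free
        Check(rc, "FwpmFilterAdd0 " + name);
        return id;
    }

    static void Main(string[] args)
    {
        string exe = args.Length > 0 ? args[0] : @"C:\Windows\System32\curl.exe";  // placeholder target
        string ip = args.Length > 1 ? args[1] : "203.0.113.10";                    // placeholder (TEST-NET-3)
        var session = new FWPM_SESSION0 { displayData = new FWPM_DISPLAY_DATA0 { name = "example dynamic session" },
                                          flags = FWPM_SESSION_FLAG_DYNAMIC };
        Check(FwpmEngineOpen0(null, RPC_C_AUTHN_WINNT, IntPtr.Zero, ref session, out IntPtr engine), "FwpmEngineOpen0 (elevated?)");
        try
        {
            // Own sublayer at maximum weight so the Block is arbitrated ahead of the firewall's sublayers
            var sub = new FWPM_SUBLAYER0 { subLayerKey = Guid.NewGuid(), weight = 0xFFFF,
                                           displayData = new FWPM_DISPLAY_DATA0 { name = "example sublayer" } };
            Check(FwpmSubLayerAdd0(engine, ref sub, IntPtr.Zero), "FwpmSubLayerAdd0");
            // 1) by executable: the ALE app id is the NT device path of the image, as a byte blob
            Check(FwpmGetAppIdFromFileName0(exe, out IntPtr appId), "FwpmGetAppIdFromFileName0");
            ulong byExe = AddBlockFilter(engine, sub.subLayerKey, "block outbound: " + exe,
                new[] { Cond(FWPM_CONDITION_ALE_APP_ID, FWP_BYTE_BLOB_TYPE, appId) });
            FwpmFreeMemory0(ref appId);
            // 2) by remote IPv4 address, any process
            ulong byIp = AddBlockFilter(engine, sub.subLayerKey, "block outbound: " + ip,
                new[] { Cond(FWPM_CONDITION_IP_REMOTE_ADDRESS, FWP_UINT32, (IntPtr)(long)ToHostOrderV4(ip)) });
            Console.WriteLine($"filters {byExe} and {byIp} active; press Enter to end the session and drop them");
            Console.ReadLine();
        }
        finally { FwpmEngineClose0(engine); }   // dynamic session ends here: sublayer and filters are gone
    }
}
```

Run it elevated as `WfpDynamicBlock.exe C:\path\to\agent.exe 203.0.113.10`; while it waits for Enter, the targeted executable cannot open outbound IPv4 connections and no process can connect to the address. It covers only the outbound IPv4 connect layer; the "receives" case on the page needs the same filters at FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4, and IPv6 needs the corresponding V6 layers. Two caveats a defender should know: filters added this way never appear in the Windows Firewall MMC or `Get-NetFirewallRule`, but they are visible in `netsh wfp show filters` (filters.xml) and `netsh wfp show state`, and with the "Filtering Platform Policy Change" audit subcategory enabled each filter add is logged as Event ID 5447. A foreign sublayer at weight 0xFFFF with a non-Microsoft display name is a strong hunting signal.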
I support initiatives in offensive testing for my team by writing code where needed.
Interests include network-based command and control, data exfiltration mechanisms, and evasion.
URL to any additional information: https://github.com/dsnezhkov/shutter
Detailed Explanation of Tool: Please see https://github.com/dsnezhkov/shutter...main/README.md
Supporting Files, Code, etc: https://github.com/dsnezhkov/shutter
Target Audience: Offense
Offensive teams can use the tool to better simulate attacks that abuse WFP to blind or bypass host defenses.
