CloakCat Red Team Labs

Custom C2 Development #4 — SMB Beacon and Payload Staging

The previous post covered process injection and execute-assembly — the two capabilities that turned CloakCat from a shell-over-HTTP tool into something that could actually support post-exploitation workflows. This post covers the next two pieces: SMB beacon chaining and server-side payload staging. These aren't glamorous features. They don't show up in conference talks. But without them, you hit operational dead ends in any environment with network segmentation or competent blue team monitoring of file artifacts on disk.

April 1, 2026

Red Team

Custom C2 Development #3 — Implementing Process Injection and execute-assembly in Rust

The CloakCat vs Cobalt Strike analysis in the previous post surfaced two critical gaps: no process injection, and no execute-assembly. Without these, real red team workflows are fundamentally broken — every post-ex capability runs inside the agent process, and you can't execute .NET tooling in-memory. These were prerequisites before CloakCat could be used for lab work. Phase 10 and Phase 11 were implemented back-to-back.

March 25, 2026

Red Team

Custom C2 Development #2 — CloakCat vs Cobalt Strike: A Feature Parity Analysis

In the [previous post](https://www.cloakcat.com/blog/rust-c2) we covered CloakCat's design philosophy and architecture. With Phase 0 through 8 complete, it's time to ask the hard question: how does it actually stack up against Cobalt Strike, and where does it fall short? 이 글은 감상이 아니라 코드 기반 분석이다. 전체 워크스페이스 ~14,700 LOC를 크레이트별로 뜯어보고, CS의 주요 기능과 1:1로 비교한 결과를 공유한다.

March 22, 2026

Red Team

Custom C2 Development #1 - Rust C2 Framework Architecture Review

Beginning development of a custom C2 framework — sharing ongoing progress, implementation details, and research findings as the project evolves.

March 20, 2026