SilentTrinity

SilentTrinity is a modern, asynchronous, multiplayer and multiserver C2/post-exploitation framework. It represents the culmination of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs, a technique called BYOI (Bring Your Own Interpreter). The goal is to enable PowerShell-style attacks with greater flexibility and stealth, without relying on PowerShell.

Key distinguishing features include multi-user collaboration, support for controlling multiple teamservers, real-time communication via websockets, and a modern CLI powered by prompt-toolkit. The implant, named Naga, uses dynamic evaluation/compilation with .NET scripting languages like Boolang, eliminating server-side compilation needs and enhancing modularity.

It supports fully modular listeners, modules, stagers, and C2 channels, with ECDHE encryption for all traffic. Extensive logging and future-proof HTTPS/HTTP listeners using Quart and Hypercorn (supporting HTTP2 and websockets) make it suitable for advanced post-exploitation scenarios.

SilentTrinity operates with a client and teamserver built in Python 3.7 using Asyncio for high-speed operations and websockets for real-time updates. The Naga implant embeds third-party .NET scripting languages (e.g., Boolang) for dynamic compilation/evaluation of tasks, enabling real-time module editing and lightweight payloads. All C2 communication uses ECDHE for ephemeral key exchange encryption. Components like listeners, modules, stagers, and C2 channels are fully modular, with HTTPS/HTTP on Quart/Hypercorn supporting HTTP2 and websockets.