Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

Offensive Tools

Sliver: Cross-platform General Purpose Implant Framework Written in Golang

Sliver is designed to be an open source alternative to Cobalt Strike. Sliver supports asymmetrically encrypted C2 over DNS, HTTP, HTTPS, and Mutual TLS using per-binary X.509 certificates signed by a per-instance certificate authority and supports multiplayer mode for collaboration.

Open-Source C2 Framework

Sliver is an open-source cross-platform adversary emulation/red team framework. It can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys.

The server and client support MacOS, Windows, and Linux. Implants are supported on MacOS, Windows, and Linux (and possibly every Golang compiler target but we've not tested them all).

Need help? Check out the Wiki or GitHub discussion boards. You can also find us on the #sliver channel in our Discord server.

Features v1.6 Overview

    • Dynamic code generation
    • Compile-time obfuscation
    • Multiplayer-mode
    • Staged and Stageless payloads
    • Procedurally generated C2 over HTTP(S)
    • DNS canary blue team detection
    • Secure C2 over mTLS, WireGuard, HTTP(S), and DNS
    • Fully scriptable using JavaScript/TypeScript or Python
    • Windows process migration, process injection, user token manipulation, etc.
    • Let's Encrypt integration
    • In-memory .NET assembly execution
    • COFF/BOF in-memory loader
    • TCP and named pipe pivots

Source Code

  • assets/ - Static assets that are embedded into the server binary, generated by go-assets.sh
  • client/ - Client code, the majority of this code is also used by the server
  • protobuf/ - - Protobuf code
  • server/ -Server-side code
  • sliver/ - Implant code, rendered by the server at runtime
  • util/ - Utility functions that may be shared by the server and client


Bishop-Fox-Labs-Researchers-Demesy-Kervalla

Lead Researchers

Joe DeMesy & Ronan Kervella

Joe DeMesy

is a Principal at Bishop Fox. Joe is an expert in secure development, proficient in several programming languages, and is a leading contributor to various open source projects.Joe is a noted expert in the field of information security, having been quoted in Market Watch, NPR, InformationWeek, and Dark Reading. He has also presented his research at conferences such as BSidesLV, Kiwicon, BlackHat and private conferences hosted by the US Department of Defense. GitHub: moloch--

Ronan Kervella

(OSCP) is a Senior Security Consultant at Bishop Fox, where he focuses on red teaming, internal penetration testing and hybrid application assessments. He is the author of multiple open source-tools and is an active contributor to the Sliver framework. He has advised Fortune 500 brands and startups in industries such as media, healthcare, and software development. GitHub: rkervella

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.