Home Projects About

Vulpes: UI

Table of Contents

This page will document the UI and its capabilities.


In the navbar, there are several options:

This can be seen below:

In order to comply with our requirement of a one-page web application, we ended up using modals for a lot of the functionality. We found a lot of other C2 Web Applications to be clunky and poor workflow, so we wanted to address that by keeping everything in one place without overcrowding the page.


Listener Creation

When clicking the Listeners button, a dropdown appears:

To create a listener, click Start new listener.... This will bring up the following tabbed-modal:

The general tab allows the following to be set:

Alternatively, the Randomise button will just fill all of this out. We also have a Debug button, which just fills in all the values for our specific setup.

The second tab, Stager, has some specific information regarding how the loader will communicate back for the actual DLL:

This is explained in Communication.

Viewing Listeners

Currently, we havent given this part much love aesthetically, but when a listener is created, it can be viewed by clicking View all listeners...:


Payloads follows a similar system to Listeners:

Creating a payload

Again, this is a tabbed modal:

This has 3 tabs, and the first tab can be seen above. This contains basic information about the implant:

Setting Default Note
Payload Name Vulpes.x64.exe N/A
Listener N/A Prepopulates the list with existing listeners
Type Exe Exe or Raw
Architecture x64 Only x64
Parent Process Explorer.exe If not set, does not spoof parent
Named Pipe Mojo Pipe N/A
Export Name ExecuteA N/A
Sleep 10000 N/A
Jitter 25 N/A

The next tab is Injection which allows for techniques to be selected from a dropdown. However, this is currently only:

As seen below:

The current release thats in progress doesnt have any new injection methods queued, but these are all syscalls.

The final tab is OpSec which we have a a few issues queued to expand this section:

The settings:

Setting Default Note
Pre-Exec Sleep 0 How long to sleep before the loader starts working
Spawnto Calc.exe When a command requires it, which process to spawnto
Env Variables Empty A comma separated list of environment variables to check for before executing
Min. Processes 0 How many processes must be on the host before execution can occur
Avoid Processes Empty A comma separated list of processes to check for before executing
DLLs to refresh Empty A comma separated list of DLLs to remap
Anti-Debug Empty Only two options because this is a POC section
Sleep Mask Disabled Ongoing POC
Patch AMSI Disabled Contrary to the name, this will handle AMSI with VEH and HWBP
Patch ETW Disabled Contrary to the name, this will handle ETW with VEH and HWBP
Detect Proxy Disabled Identify the system proxy
Enable SSL Disabled N/A
Enable Printf Disabled For debugging

Viewing Payloads

Currently on to todo list!


This is the same table as Commands:

Web Logs

Logging discusses the logging structure, but essentially when this modal is active it will request and parse the logs depending on which type is required:

By selecting the log type, those logs are returned. Below is an example of the listener logs: