Releases: MythicAgents/Apollo

Mythic3.2 last release

28 Aug 15:19

This is the last release for Mythic 3.2 before the main branch becomes Mythic 3.3.

Mythic 2.3.13

10 May 13:59
07c2efa

Last version that supports Mythic 2.3.13. Future versions target Mythic 3.0+

Apollo 2.2.1

16 May 18:56
2472fe7

This release addresses miscellaneous issues for commands and their UI integrations.

Bug fixes:

  • unlink now properly terminates socket connections
  • sc now has proper hooking into Mythic UI amongst other miscellaneous bug fixes
  • pth now respects saved credentials and won't error out on task issuance

Apollo 2.2.0

27 Mar 04:03

This new release includes:

  • ifconfig command to list network interfaces
  • netstat to list network connections of various types
  • sc enhancements across querying and modifying, with additional information regarding binary paths, running PIDs, etc.
  • Fix for ps where it would report the wrong architecture for processes (was backwards previously)
  • Apollo now reports the process it's residing in on checkin
  • Apollo now has the scarecrow_wrapper in its supported wrapper payload types
  • Dependencies have been shuffled around such that the PS reference assemblies it used to come bundled with are removed, and it is now dependent on the PowerShell assemblies being resident on disk

Special thanks to @thespicybyte and @subat0mik for their contributions

Apollo 2.1.0

04 Feb 16:45
cdffe3f

This release introduces a new injection technique, Syscall_x64.NtCreateThreadEx, which uses syscalls to inject code for all post-ex jobs that require process injection. Additionally, this release exposes the Main function for callers wanting to call Main directly via reflection.

Apollo 2.0.2

02 Feb 01:09
ac11833

This release solves an issue with the pipe security of named pipes being instantiated by their short-hand English name (such as Everyone) over their SID identifiers. Doing the former would crash processes on non-English machines, as they would fail to resolve Everyone or Network to account identifiers. Using SIDs resolves these application crashes.

Apollo 2.0.1

01 Feb 18:41
2c8cd9d

This release is a hotpatch to fix HTTP header variables not being compiled into the agent. Headers should now be appropriately added including Host headers.

Apollo 2.0

31 Jan 15:07
856137c

This release makes Apollo compatible with Mythic v2.3.7+. The entire code base of Apollo has been rewritten. New features of 2.0 include:

  • SOCKS5 Proxying capabilities (tested with RDP/impacket/Firefox)
  • inline_assembly tasking that executes .NET assemblies in process
  • execute_pe to execute statically compiled portable executables
  • Peer-to-peer communications over SMB and TCP
  • Dynamic command loading at agent runtime
  • Reduced size from 2mb to ~450kb

Documentation has been updated to reflect command changes and contribution guidelines.

Sacrificial Process Hotpatch for PPID+BlockDLLs

27 Aug 04:48
545f9df

This hotpatch is meant as a quick-fix to some bugs I introduced with the latest PPID/Block DLLs release. Unfortunately, there were some unforeseen consequences about using the StartupInfoEx structure and the various CreateProcess calls. Those nuances had to be painstakingly teased out, and in the process I had to discover the boundaries of ppid spoofing. This release introduces significant guard rails in order to provide some stability.

ppid, blockdlls, and bugfixes

25 Aug 03:46
92958fc

This release introduces two new commands that modify post-exploitation jobs that require sacrificial processes. Now, we can spoof the parent process of these jobs, as well as block any non-Microsoft signed dlls from loading into those processes. Last but not least is a bug fix that's been a long time in the making. Now, if you sleep an agent to 0 seconds, you will receive output from that post-ex job.