/TaftssCrypter

TaftssCrypter is a C#-based, target-focused Ransomware Simulation tool.

Primary LanguageC#MIT LicenseMIT

alt text

TaftssCrypter

TaftssCrypter is a C# application developed to measure the resilience of security products against ransomware attacks. TaftssCrypter is designed to simulate ransomware attacks and perform customized ransomware simulations

Notice: This tool is developed exclusively for simulations. Please do not use it for illegal activities !

Features

  • It encrypts the desired folder and its subfolders in a target-based manner.
  • It encrypts the desired file extensions. It encrypts all files within a folder or specifically specified files.
  • It operates on a user-based level, taking user information parametrically and working within the scope of permissions.
  • It can be used with C2s like Cobalt Strike using 'execute-assembly'.
  • It can perform encryption and decryption processes.
  • It enables realistic ransomware attack simulations using the AES256 algorithm.
  • You can encrypt all files in the target folder, including subfolders, using "*.*"

Usage

TaftssCrypter takes 4 different parameters. It operates by receiving a mode selection parameter and 3 target information parameters. The 3 target parameters are indicated with double quotation marks.

The first parameter specifies the target file path. The second parameter specifies the username under which processes are executed (as obtained from the 'whoami' command output). The third parameter specifies the file extensions to be indicated in the form of *.* ("*.*" or "*.txt"for example).

Paramater Description
-e Encrypter Mode.
-d Dencrypter Mode.
First "" Parameter Target Folder Full Path. For example "C:\"
Second "" Parameter The hostname and username where the process is executed. You can use the output of the 'Whoami' command.
Third "" Parameter Target File Extensions. For example "*.*" or ".txt,.docx... etc"

Command & Control Usage

TaftssCrypter is developed as a .NET assembly that can be executed via a command and control center, making it compatible with red team simulations like Cobalt Strike. It seamlessly handles both encryption and decryption operations.

TaftssCrypter Encrypter C2

Encrypter Usage

TaftssCrypter.exe -e "[Target Folder Path]" "[host/username]" "*.[TargetExtensions], *.[TargetExtensions],....,*.[TargetExtensions]"

TaftssCrypter Encrypter

TaftssCrypter Encrypter

Decrypter Usage

TaftssCrypter.exe -d "[Target Folder Path]" "[host/username]" "*.[TargetExtensions], *.[TargetExtensions],....,*.[TargetExtensions]"

TaftssCrypter Decrypter

TaftssCrypter Decrypter