OMNI Feature
Malleable C2 Profiles: Beacon Traffic That Looks Legitimate
Network defenders rely on traffic signatures to detect C2 beacons. OMNI ships 7 production-ready Malleable C2 profiles that transform beacon communication to mimic real-world services — jQuery CDN requests, Microsoft Teams API calls, Windows Update check-ins. Each profile is fully customisable: URI patterns, HTTP headers, staging configurations.
7 Profiles Included
- jQuery CDN
- Microsoft Teams
- Windows Update
- Office 365
- Google Analytics
- Slack API
- Amazon S3
What's Configurable per Profile
- Custom HTTP URIs and parameters
- Request and response headers
- Staging and stager URI configuration
- Sleep jitter (0–100%) per session
- Data transform pipelines (base64, netbios, etc.)
- Custom user-agents per profile
- HTTPS with certificate pinning
- Domain fronting compatible
Profile Selection Guide
- Corporate / Office environment → Microsoft Teams or Office 365 — blends with normal M365 API traffic
- Web-heavy target → jQuery CDN or Google Analytics — high-volume, always-on in web environments
- Strict egress filtering → Windows Update — often whitelisted even in heavily restricted networks
- Cloud-first infrastructure → Amazon S3 — S3 egress is rarely blocked in cloud-native environments
Use Malleable C2 Profiles in your next engagement
Included in all OMNI plans — from $200/mo. 7-day money-back guarantee.
Live demo
[OMNI]❯[DEMO]» omni profile list
[+] Available Profiles
══════════════════════════════════════════════════════
#  Profile Name     Mimics               Jitter
------------------------------------------------------
1  amazon           Amazon API           5–15%
2  jquery-3.3.1     jQuery CDN           8–20%
3  microsoftupdate  Windows Update       10–30%
4  office365        MS Office telemetry  5–12%
5  s3-exfil         AWS S3               3–10%
6  teams-traffic    MS Teams calls       6–18%
7  slack-webhook    Slack API            4–14%
[OMNI]❯[DEMO]» omni profile load microsoftupdate
[*] Loading profile: microsoftupdate
[+] URI set: /updates/v2/manifest.xml, /updates/catalog/search
[+] User-Agent: Windows-Update-Agent/10.0.19041.2364
[+] Sleep: 45000ms ± 30%
[+] Header spoofing: enabled (If-Modified-Since, ETag)
[+] Encryption: AES-256-CBC + HMAC-SHA256
[+] Profile active. Agent traffic blends with WU background noise.
[+] Command completed successfully
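Detection logic for the traffic shown in the demo, as an added example that is not part of OMNI or the original page: it reads constructed proxy log lines and flags client/host pairs whose User-Agent claims Windows Update while the host falls outside an assumed, incomplete list of Microsoft update domains, or whose request gaps fit a fixed sleep with at most 30% jitter. The log format, host names, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Assumption: illustrative, incomplete list of Microsoft update domains.
WU_DOMAINS = ("windowsupdate.com", "update.microsoft.com")
MAX_JITTER = 0.30   # upper jitter bound the demo shows for microsoftupdate
MIN_REQUESTS = 5    # assumed minimum sample before judging periodicity

# Constructed proxy log: epoch_seconds client host uri user_agent
SAMPLE_LOG = """\
1000 10.0.0.5 cdn-updates.example.net /updates/v2/manifest.xml Windows-Update-Agent/10.0.19041.2364
1041 10.0.0.5 cdn-updates.example.net /updates/catalog/search Windows-Update-Agent/10.0.19041.2364
1093 10.0.0.5 cdn-updates.example.net /updates/v2/manifest.xml Windows-Update-Agent/10.0.19041.2364
1127 10.0.0.5 cdn-updates.example.net /updates/catalog/search Windows-Update-Agent/10.0.19041.2364
1180 10.0.0.5 cdn-updates.example.net /updates/v2/manifest.xml Windows-Update-Agent/10.0.19041.2364
1005 10.0.0.7 fe2.update.microsoft.com /constructed/path Windows-Update-Agent/10.0.19041.2364
4600 10.0.0.7 fe2.update.microsoft.com /constructed/path Windows-Update-Agent/10.0.19041.2364
1010 10.0.0.9 www.example.org /a Mozilla/5.0 (Windows NT 10.0; Win64; x64)
1013 10.0.0.9 www.example.org /b Mozilla/5.0 (Windows NT 10.0; Win64; x64)
1400 10.0.0.9 www.example.org /c Mozilla/5.0 (Windows NT 10.0; Win64; x64)
1402 10.0.0.9 www.example.org /d Mozilla/5.0 (Windows NT 10.0; Win64; x64)
2900 10.0.0.9 www.example.org /e Mozilla/5.0 (Windows NT 10.0; Win64; x64)
"""

def is_ms_update_host(host):
    # Match the domain itself or a true subdomain, not a look-alike prefix.
    return any(host == d or host.endswith("." + d) for d in WU_DOMAINS)

def jitter_estimate(times):
    """(max_gap - min_gap) / (max_gap + min_gap); at most j when sleep = base +/- j."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    total = max(gaps) + min(gaps)
    return (max(gaps) - min(gaps)) / total if total else 1.0

def find_suspects(log_text):
    flows = defaultdict(list)
    for line in log_text.splitlines():
        ts, client, host, _uri, ua = line.split(maxsplit=4)
        flows[(client, host)].append((int(ts), ua))
    findings = {}
    for (client, host), events in flows.items():
        times = sorted(t for t, _ in events)
        reasons = []
        claims_wu = any(ua.startswith("Windows-Update-Agent") for _, ua in events)
        if claims_wu and not is_ms_update_host(host):
            reasons.append("wu-agent-to-non-microsoft-host")
        if len(times) >= MIN_REQUESTS and jitter_estimate(times) <= MAX_JITTER:
            reasons.append("periodic-with-bounded-jitter")
        if reasons:
            findings[(client, host)] = reasons
    return findings
```

Calling `find_suspects(SAMPLE_LOG)` returns only the 10.0.0.5 flow, with both reasons attached.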