Every byte between agent and C2 server is encrypted and authenticated.

  • AES-256-CBC encryption for all payload data
  • HMAC-SHA256 message authentication
  • Rolling session keys — unique per session, auto-rotated
  • Integrity chain — detects and rejects replayed packets