OMNI Feature

PowerShell + C# Dual Agent —
One API, Maximum Compatibility

Two distinct agent implementations sharing the same 102-module API. Choose the PowerShell agent for legacy Windows environments down to Windows 7, or the C# .NET agent for modern systems with advanced evasion techniques. Switch between agents on the same host without changing your workflow — the same modules, the same commands, the same output format.

PowerShell Agent
Windows 7+ · Server 2008 R2+
AMSI bypass · CLM bypass · Reflective loader
C# .NET Agent
Win 10 · Server 2016+ · .NET 4.8
ETW patch · Syscall unhook · Sleep enc.

Evasion Techniques per Agent

PowerShell Agent
  • AMSI bypass (signature + patch methods)
  • Constrained Language Mode bypass
  • Reflective PowerShell loader
  • Script block logging evasion
  • Windows 7 / Server 2008 R2 compatible
C# .NET Agent
  • ETW (Event Tracing for Windows) patching
  • Syscall unhooking (direct syscalls)
  • Process hollowing loader
  • Sleep encryption (Ekko + Foliage)
  • Stack spoofing during sleep

Which Agent to Choose?

Use PowerShell when targeting legacy Windows environments (Win 7 / Server 2008-2012), mixed estates where .NET 4.8 is not guaranteed, or when a smaller initial footprint is preferred.

Use C# .NET when targeting modern Windows 10 / Server 2016+ systems, environments with strong EDR coverage requiring syscall-level evasion, or when sleep encryption is critical.

Use Dual Agents in your next engagement

Included in all OMNI plans — from $200/mo. 7-day money-back guarantee.

Live demo
OMNI C2 · Dual Agent comparison · CORP-WS-042
[+] Agent comparison — same host, different agent types
══════════════════════════════════════════════════════════════════
PS Agent C# Agent (reflective)
------------------------------------------------------------------
Script block logging visible bypassed
AMSI exposure via PS engine not applicable
Process name powershell.exe svchost.exe (migrated)
Memory footprint ~32 MB ~8 MB
Startup time 1.4s 0.3s
══════════════════════════════════════════════════════════════════

[OMNI]❯[DEMO]❯[CORP-WS-042]» !defender_check
[*] Waiting for defender_check response (Timeout: 30s)...

[+] DEFENDER_CHECK SUMMARY
════════════════════════════════════════
Real-Time Protection : ENABLED
AMSI Status : Patched (evade_amsi active)
Tamper Protection : True
Exclusion Paths : 3 entries found
ETW Status : Patched (evade_etw active)
└─ Saved: exfiltrated/CORP-WS-042/demo/defender/check_[demo].txt
[+] Command completed successfully

[OMNI]❯[DEMO]❯[CORP-WS-042]» !ping_sweep 10.10.20.0/24
[*] Waiting for ping_sweep response (Timeout: 300s)...

[+] PING SWEEP | Method: ICMP | Hosts: 254
Alive: 9 / 254 | Time: 2.1s
Alive IPs: 10.10.20.1, 10.10.20.5, 10.10.20.11, 10.10.20.22,
10.10.20.50, 10.10.20.100, 10.10.20.120, 10.10.20.200, 10.10.20.254
[+] Command completed successfully