{
	"id": "d998943a-5ad3-4035-8275-f6b89c9ed33c",
	"created_at": "2026-04-06T00:13:27.860828Z",
	"updated_at": "2026-04-10T03:24:23.592887Z",
	"deleted_at": null,
	"sha1_hash": "eee8ae4217dec023c8eb0f725d2c1fbeedeab982",
	"title": "Introducing the Sliver Framework written in Golang",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 65756,
	"plain_text": "Introducing the Sliver Framework written in Golang\r\nBy Joe DeMesy, Alumnus Principal\r\nArchived: 2026-04-05 15:57:04 UTC\r\nCross-platform General Purpose\r\nImplant Framework Written in Golang\r\nSenior Security Associate Joe DeMesy and Security Associate Ronan Kervella are the researchers behind the\r\ncreation and maintenance of Sliver. They introduced Sliver in June at SummerCon 2019.  \r\n⚠️ Warning: Sliver is currently in beta, you've been warned :) and please consider contributing.\r\nHow Sliver Works\r\nSliver is designed to be an open source alternative to Cobalt Strike. Sliver supports asymmetrically encrypted C2\r\nover DNS, HTTP, HTTPS, and Mutual TLS using per-binary X.509 certificates signed by a per-instance certificate\r\nauthority and supports multiplayer mode for collaboration.\r\nWe will explore how to design stable, performant, and secure C2 channels as well as other design challenges when\r\ncreating implants as they present.\r\nSliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and\r\nDNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate\r\nauthority generated when you first run the binary.\r\nThe server, client, and implant all support MacOS, Windows, and Linux (and possibly every Golang compiler\r\ntarget but we've not tested them all).\r\nSliver's Features\r\nDynamic code generation\r\nCompile-time obfuscation\r\nLocal and remote process injection\r\nAnti-anti-anti-forensics\r\nSecure C2 over mTLS, HTTP(S), and DNS\r\nWindows process migration\r\nWindows user token manipulation\r\nMultiplayer-mode\r\nProcedurally generated C2 over HTTP (work in progress)\r\nLet's Encrypt integration\r\nIn-memory .NET assembly execution\r\nhttps://labs.bishopfox.com/tech-blog/sliver\r\nPage 1 of 2\n\nDNS Canary Blue Team Detection\r\nGetting Started\r\nDownload the latest release and see the Sliver wiki for a quick tutorial on basic setup and usage. To get the very\r\nlatest and greatest compile from source.\r\nCompile from Source\r\nSee the wiki.\r\nSource Code\r\nassets/  - Static assets that are embedded into the server binary, generated by go-assets.sh\r\nclient/  - Client code, the majority of this code is also used by the server\r\nprotobuf/  - - Protobuf code\r\nserver/  -Server-side code\r\nsliver/  - Implant code, rendered by the server at runtime\r\nutil/  - Utility functions that may be shared by the server and client\r\nLicense - GPLv3\r\nSliver is licensed under GPLv3, some subcomponents have separate licenses. See their respective subdirectories in\r\nthis project for details.\r\nExcerpt from GitHub:\r\nGo to https://github.com/BishopFox/sliver for the complete tooling.\r\n.github Updated security policy, image location, and .github/\r\nassets Re-adding the hosting DLL\r\nclient Add GPLv3\r\nprotobuf Fix execute-assembly missing DLL and refactoring\r\nserver Remove buildid from shared libs / shellcode\r\nsliver Place the comment where it should be\r\nutil Added GPLv3 license\r\nvendor Updated vendor/\r\n.dockerignore Fixed unit tests\r\nSource: https://labs.bishopfox.com/tech-blog/sliver\r\nhttps://labs.bishopfox.com/tech-blog/sliver\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://labs.bishopfox.com/tech-blog/sliver"
	],
	"report_names": [
		"sliver"
	],
	"threat_actors": [
		{
			"id": "610a7295-3139-4f34-8cec-b3da40add480",
			"created_at": "2023-01-06T13:46:38.608142Z",
			"updated_at": "2026-04-10T02:00:03.03764Z",
			"deleted_at": null,
			"main_name": "Cobalt",
			"aliases": [
				"Cobalt Group",
				"Cobalt Gang",
				"GOLD KINGSWOOD",
				"COBALT SPIDER",
				"G0080",
				"Mule Libra"
			],
			"source_name": "MISPGALAXY:Cobalt",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434407,
	"ts_updated_at": 1775791463,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/eee8ae4217dec023c8eb0f725d2c1fbeedeab982.pdf",
		"text": "https://archive.orkl.eu/eee8ae4217dec023c8eb0f725d2c1fbeedeab982.txt",
		"img": "https://archive.orkl.eu/eee8ae4217dec023c8eb0f725d2c1fbeedeab982.jpg"
	}
}