Attacker groups adopt a new penetration testing tool, Brute Ratel
Security researchers have recently identified several attack campaigns that use APT-like targeting techniques together with Brute Ratel C4 (BRc4), a relatively new adversary simulation framework. For years, threat groups have relied on Cobalt Strike and Metasploit’s Meterpreter. Now hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit in order to evade EDR and antivirus solutions. Brute Ratel is built primarily around detection evasion techniques, which may pose a real challenge to defense teams.
Researchers from security firm Palo Alto Networks stated in a report that, after analyzing several recent samples, the arrival of a new penetration testing and adversary emulation capability is very significant. More concerning still is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities.
In 2020, Chetan Nayak, an ex-red teamer at Mandiant and CrowdStrike, announced Brute Ratel Command and Control Center (BRc4) as an alternative to Cobalt Strike for red team penetration testing engagements. Brute Ratel, like Cobalt Strike, is an adversarial attack simulation tool that allows red teamers to run ‘Badgers’ on remote hosts. These Badgers connect back to the attacker’s command-and-control server to receive commands to execute or to transfer the output of previously run commands.
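The check-in loop described above (an implant calling back to its C2 server to fetch commands and return output) leaves a timing pattern that defenders can hunt for in proxy or firewall logs. The following is an added example, not code from the article or from the Brute Ratel project, and it says nothing about how BRc4 itself formats its traffic: it parses a constructed log format (timestamp, source IP, destination IP, bytes out), groups connections by source/destination pair, and flags pairs whose inter-connection gaps are unusually regular. The threshold values and the log lines are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (not real BRc4 traffic).
# Format per line: "<ISO timestamp> <src ip> <dst ip> <bytes out>"
SAMPLE_LOG = """\
2022-07-05T10:00:00 10.0.0.15 203.0.113.7 512
2022-07-05T10:00:03 10.0.0.15 198.51.100.20 9000
2022-07-05T10:01:00 10.0.0.15 203.0.113.7 520
2022-07-05T10:02:00 10.0.0.15 203.0.113.7 498
2022-07-05T10:02:41 10.0.0.15 198.51.100.20 14000
2022-07-05T10:03:00 10.0.0.15 203.0.113.7 505
2022-07-05T10:04:00 10.0.0.15 203.0.113.7 511
2022-07-05T10:04:22 10.0.0.15 198.51.100.20 3200
2022-07-05T10:05:00 10.0.0.15 203.0.113.7 500
2022-07-05T10:09:13 10.0.0.15 198.51.100.20 760
"""


def parse_log(text):
    """Yield (timestamp, src, dst) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _bytes_out = line.split()
        yield datetime.fromisoformat(ts), src, dst


def find_beacons(text, min_connections=5, max_cv=0.2):
    """Return {(src, dst): mean_gap_seconds} for pairs whose connection
    timing is regular enough to resemble a periodic C2 check-in.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections; a small cv means little jitter. Both
    thresholds are assumed starting points and need tuning per network.
    """
    times = defaultdict(list)
    for ts, src, dst in parse_log(text):
        times[(src, dst)].append(ts)

    flagged = {}
    for pair, stamps in times.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[pair] = avg
    return flagged


if __name__ == "__main__":
    for (src, dst), gap in find_beacons(SAMPLE_LOG).items():
        print(f"regular check-in: {src} -> {dst} every ~{gap:.0f}s")
```

In the constructed sample, the 203.0.113.7 destination is contacted exactly once a minute and is flagged, while the 198.51.100.20 traffic is irregular and too sparse. Real implants commonly add jitter and sleep variation to blunt exactly this heuristic, so in practice the cv threshold is only one signal and is best combined with destination reputation, byte-count profiles and process-level telemetry from the endpoint.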