So, we all know we can use shell scripts and system commands / tools for downloading and executing implants.
But there's a problem: if we ship a shell script, we also give away the commands we use and the C2 URL to anyone who opens it. So how do we get around that? Let's have a look ;)

We could use something like shc, the shell script compiler. It's packaged in most distros; simply run apt install shc (or your distro's equivalent).
But the problem with shc is that the result is not cross-distro: it's a dynamically linked C program compiled on your box, so it depends on that box's libc version and architecture. On top of that, shc only encrypts the script with a key that is stored inside the binary itself, so the original script can be recovered by anyone who has the binary. Not a very good solution.

Now, another thing we could do is use Python and compile it to a binary (PyInstaller and friends), but alas, again, it's not cross-distro: the bundle still links against the glibc of the machine it was built on, so it requires knowledge of the target distro.

But something we could do is use AppImages. AppImage is a packaging format, and its build tool, appimagetool, can turn an AppDir containing a shell script (as AppRun), a .desktop file and an icon into a single executable file. The hello-world example below shows the layout:

https://github.com/boolean-world/appimage-resources/tree/master/hello-world-appimage

So, with that, we can build an AppImage from a Bash script, and if you run strings on it to try to find the commands / tools used or the C2 URLs, you come up with nothing. That's because the payload sits in a compressed squashfs image appended to the ELF runtime; it is compressed, not encrypted. Anyone who runs the file with --appimage-extract (or points unsquashfs at it) gets the script back verbatim, so this stops a casual strings / grep, not an analyst.
Icon spoofing should be possible, but I haven't figured that part out yet, so I'll get back to that in another article.
But it is cross-distro, since it's a shell script under the hood and AppImages run on most things, so it's worth looking into. One caveat: the AppImage runtime mounts the image with FUSE, so on a host without libfuse2 you have to run it with --appimage-extract-and-run instead.

And if your homebuilt tools are Bash, it's a nice way to keep casual snoopers out of them: just include a password / user check at runtime. Keep in mind, though, that the check lives in the same script an attacker can extract, so they can read it or strip it out; at the very least embed a hash of the password rather than the password itself.
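The packaging steps above and the runtime check, as an added example that is not code from the original post or from the AppImage project. It assumes appimagetool (from AppImageKit) is on PATH for the build step and that the build host is x86_64; the AppDir layout, the hashed gate and the constructed secret "hunter2" are all hypothetical choices made for this example, and the payload script it hides is constructed too.

```bash
#!/usr/bin/env bash
# Added example: package a Bash script as an AppImage and show what a reviewer
# of the resulting file can and cannot see. Assumes appimagetool is on PATH for
# the build step; the AppDir itself is built without it.
set -eu

# Hypothetical secret the packaged script asks for at start-up (constructed for
# this example). Only its SHA-256 digest ends up inside the script.
SECRET='hunter2'

sha256_of() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# Compare a supplied secret with an embedded digest. This keeps the secret
# itself out of the script, but anyone who extracts the AppImage can simply
# delete the check, so it raises the cost; it is not a lock.
gate_ok() {
    local expected="$1" supplied="$2"
    [ "$(sha256_of "$supplied")" = "$expected" ]
}

# Build the minimal AppDir layout appimagetool expects:
#   AppRun          entry point, here the Bash script itself
#   <name>.desktop  desktop entry (Exec/Icon must resolve inside the AppDir)
#   <name>.png      icon named in the desktop entry
build_appdir() {
    local dir="$1" name="$2"
    local digest
    digest="$(sha256_of "$SECRET")"
    mkdir -p "$dir"
    cat > "$dir/AppRun" <<EOF
#!/bin/bash
# Constructed payload: check the gate, then do the "work".
expected='$digest'
read -r -s -p 'secret: ' s; echo
[ "\$(printf '%s' "\$s" | sha256sum | cut -d' ' -f1)" = "\$expected" ] || exit 1
echo 'hello from the packaged script'
EOF
    chmod +x "$dir/AppRun"
    cat > "$dir/$name.desktop" <<EOF
[Desktop Entry]
Type=Application
Name=$name
Exec=AppRun
Icon=$name
Categories=Utility;
EOF
    # 1x1 transparent PNG placeholder so the Icon= reference resolves.
    printf '%s' 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==' \
        | base64 -d > "$dir/$name.png"
}

# Build the AppImage. ARCH is an assumption for the build host; appimagetool
# needs it when it cannot infer the architecture from the AppDir contents.
build_appimage() {
    local dir="$1" out="$2"
    ARCH=x86_64 appimagetool "$dir" "$out"
}

# What an analyst sees: the squashfs payload is compressed, so strings(1) on
# the file does not show the script, while --appimage-extract (which needs no
# FUSE) recovers it verbatim into ./squashfs-root.
inspect_appimage() {
    local img="$1"
    printf 'strings hits for payload text: %s\n' \
        "$(strings "$img" | grep -c 'hello from the packaged' || true)"
    "$img" --appimage-extract >/dev/null
    printf 'hits after extraction: %s\n' \
        "$(grep -c 'hello from the packaged' squashfs-root/AppRun)"
    cat squashfs-root/AppRun
}

if command -v appimagetool >/dev/null 2>&1; then
    work="$(mktemp -d)"
    build_appdir "$work/Hello.AppDir" Hello
    build_appimage "$work/Hello.AppDir" "$work/Hello.AppImage"
    ( cd "$work" && inspect_appimage ./Hello.AppImage )
fi
```

Run it on a box with appimagetool and the two counters tell the story: strings finds nothing, extraction finds the whole script, digest and all. Note that appimagetool is itself shipped as an AppImage, so the build host needs libfuse2 or you run it with --appimage-extract-and-run.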

Also, go play with a tool called CyberChef for obfuscating strings; it's pretty handy.

https://gchq.github.io/CyberChef/

Have fun :)
