Version 5.1.0: Agentic Operations

Overview

This release represents about a year of development and is the largest feature update to SpecterInsight to date. The headline addition is a fully integrated AI agent system that can plan and autonomously execute operations against active sessions. Alongside that, this release adds a brand new Active Directory module with a comprehensive Kerberos attack library, a complete credential dumping module, Early Cascade Injection, expanded lateral movement capabilities, Windows Filtering Platform firewall control, PowerShell Notebooks, and a significant expansion of the string obfuscation pipeline.

AI Agent System

The most significant new capability in 5.1.0 is the AI agent system. Operators can now launch AI-driven sessions that run a three-phase Planner → Operator → Reporter workflow against one or more active implant sessions. The planner generates a structured attack plan broken down into phases and steps. The operator executes those steps sequentially, invoking server-side PowerShell cmdlets to interact with sessions, retrieve results, and adapt based on what it finds. The reporter summarizes findings into a structured engagement artifact at the end.

AI sessions are configurable through agent profiles. Each profile specifies the LLM provider and model to use, the system prompt, and the set of tool functions the agent is permitted to call. Custom functions can be defined and added to profiles, giving operators control over exactly what the agent is allowed to do in a given engagement context.

Three LLM providers are supported: OpenAI, Anthropic, and Ollama (for local model hosting). Provider credentials and endpoint configuration are stored in the centralized settings service.

The agent has access to a large set of built-in cmdlets covering the full C2 surface: it can query and manage sessions, queue and wait on implant tasks, run SpecterScripts, manage listeners, create and delete builds, generate payloads through pipelines, and manage certificates. These are implemented as PowerShell cmdlets on the server side and surfaced to the LLM as tool functions.

Tool calls that involve destructive or sensitive operations support a configurable approval policy. Operators can require human approval before the agent executes specific function categories, which is enforced through the AiFunctionCallApprovalService before execution proceeds.
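The profile whitelist and the per-category approval policy described above, as an added illustration of the gating logic (not SpecterInsight's own AiFunctionCallApprovalService code). The category assignments and the policy names are assumptions; tool names are taken from this page's AI Tools list.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable


class Policy(Enum):
    ALLOW = "allow"
    REQUIRE_APPROVAL = "require_approval"
    DENY = "deny"


# Hypothetical category map; the page only says functions are grouped into categories.
FUNCTION_CATEGORY = {
    "Sessions List": "read",
    "Sessions Tasks List by TaskId": "read",
    "Sessions Run Command": "execute",
    "Sessions Run SpecterScript": "execute",
    "Listeners Remove": "destructive",
    "Specter Builds Remove": "destructive",
}


@dataclass
class AgentProfile:
    allowed_functions: frozenset          # the profile's function whitelist
    category_policy: dict                 # category -> Policy
    default_policy: Policy = Policy.DENY  # unknown categories fail closed


@dataclass
class Verdict:
    function: str
    outcome: str                          # "executed", "denied", "rejected_by_approver"
    reason: str


class FunctionCallGate:
    """Runs before every tool call: whitelist check, then category policy, then human approval."""

    def __init__(self, profile: AgentProfile, approver: Callable[[str, dict], bool]):
        self.profile = profile
        self.approver = approver          # asks the operator; returns True to approve
        self.audit: list[Verdict] = []    # every decision is recorded for the session timeline

    def check(self, function: str, args: dict) -> Verdict:
        if function not in self.profile.allowed_functions:
            v = Verdict(function, "denied", "not in profile whitelist")
        else:
            category = FUNCTION_CATEGORY.get(function, "unknown")
            policy = self.profile.category_policy.get(category, self.profile.default_policy)
            if policy is Policy.DENY:
                v = Verdict(function, "denied", f"policy denies category '{category}'")
            elif policy is Policy.REQUIRE_APPROVAL and not self.approver(function, args):
                v = Verdict(function, "rejected_by_approver", f"operator declined '{category}' call")
            else:
                v = Verdict(function, "executed", f"policy '{policy.value}' for '{category}'")
        self.audit.append(v)
        return v


def demo() -> list:
    """Constructed scenario: reads are free, execution needs approval, destructive calls are denied."""
    profile = AgentProfile(
        allowed_functions=frozenset(FUNCTION_CATEGORY) - {"Specter Builds Remove"},
        category_policy={"read": Policy.ALLOW, "execute": Policy.REQUIRE_APPROVAL,
                         "destructive": Policy.DENY},
    )
    # Stand-in operator: approves only the SpecterScript call.
    gate = FunctionCallGate(profile, approver=lambda fn, a: fn == "Sessions Run SpecterScript")
    for fn, args in [("Sessions List", {}), ("Sessions Run Command", {"cmd": "hostname"}),
                     ("Sessions Run SpecterScript", {"name": "Get Logon History"}),
                     ("Listeners Remove", {"id": 1}), ("Specter Builds Remove", {"id": 2})]:
        gate.check(fn, args)
    return gate.audit
```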

The agent maintains rolling conversation history with a sliding-window provider to stay within context limits across long sessions. A checkpoint summarizer generates compressed summaries of older history segments so context is not lost as sessions grow.

All AI session state, including messages, tool calls, results, plan phases, and file artifacts, is persisted to the database. The UI renders a live timeline view that shows each message, tool invocation, tool result, and plan step update as it arrives over SignalR, with a separate artifact viewer for AI-generated files.

MCP server integration exposes the same tool functions to any external MCP-compatible client, allowing operators to connect their own AI tooling to the SpecterInsight API surface.

Active Directory Module (ad)

A new ad module ships with 5.1.0, providing a comprehensive Kerberos attack library implemented in managed .NET code that is compatible with the .NET Framework 3.5 runtime on older implant hosts. The module is a clean managed port of the Rubeus attack library, adapted to run as a reflectively loaded PowerShell module against live sessions.

The following operations are available:

Ticket Acquisition and Manipulation

  • Invoke-RubeusAsktgt — Request a TGT with password, hash, or certificate.
  • Invoke-RubeusAsktgtfast — Optimized AS-REQ TGT request.
  • Invoke-RubeusAsktgs — Request service tickets for arbitrary SPNs.
  • Invoke-RubeusRenew — Renew TGTs approaching expiry.
  • Invoke-RubeusPtt — Pass-the-Ticket to inject tickets into the current logon session.
  • Invoke-RubeusTgtdeleg — Extract delegatable TGTs using unconstrained delegation.

Roasting

  • Invoke-RubeusKerberoast — Kerberoast service accounts from the current or a remote domain.
  • Invoke-RubeusAsreproast — AS-REP roast accounts with pre-authentication disabled.
  • Invoke-RubeusASREP2Kirbi — Convert AS-REP responses to kirbi format.

Ticket Forging

  • Invoke-RubeusGolden — Forge Golden Tickets with full field control.
  • Invoke-RubeusSilver — Forge Silver Tickets for specific service SPNs.
  • Invoke-RubeusDiamond — Diamond ticket modification.
  • Invoke-RubeusTgssub — Substitute PAC data in TGS tickets.

Credential and Session Enumeration

  • Invoke-RubeusKlist — List Kerberos tickets in the current session.
  • Invoke-RubeusTriage — Enumerate tickets across all accessible logon sessions.
  • Invoke-RubeusLogonsession — List logon sessions on the local host.
  • Invoke-RubeusDump — Extract tickets from LSASS memory.
  • Invoke-RubeusCurrentluid — Display the current logon session LUID.
  • Invoke-RubeusDescribe — Decode and display ticket fields.
  • Invoke-RubeusKirbi — Convert between kirbi and base64 formats.

Attacking and Persistence

  • Invoke-RubeusBrute — Online Kerberos password brute-force.
  • Invoke-RubeusPreauthscan — Scan for accounts with pre-authentication disabled.
  • Invoke-RubeusShadowcred — Shadow Credentials attack via msDS-KeyCredentialLink.
  • Invoke-RubeusS4u — S4U2Self / S4U2Proxy constrained and resource-based delegation abuse.
  • Invoke-RubeusHarvest — Continuously harvest and renew TGTs.
  • Invoke-RubeusMonitor — Monitor the KDC for new AS-REQ/TGS-REQ events.

ADCS / PKI

  • Invoke-RubeusCertenroll — Enroll certificates using the MS-XCEP/WSTEP protocol.
  • Invoke-RubeusGmsapassword — Retrieve gMSA managed passwords.

Authentication

  • Invoke-RubeusCreatenetonly — Create a new logon session with alternate credentials (NetOnly).
  • Invoke-RubeusChangepw — Change a user’s password over Kerberos (kpasswd).
  • Invoke-RubeusHash — Compute NTLM and AES Kerberos key hashes from a plaintext password.

Every cmdlet emits typed output objects (RubeusKerberoastResult, RubeusTGTResult, RubeusForgedTicketResult, etc.) that can be piped to downstream scripts or accessed by the AI agent as structured data.

Credential Dumping Module (dumper)

A new dumper module provides a multi-technique LSASS credential dumping framework. Eight dump techniques are available through the New-ShadowDump cmdlet, ranging from straightforward MiniDumpWriteDump calls to a fully native MDMP writer with no dependency on dbghelp.dll.

Techniques:

  • Simple — Standard MiniDumpWriteDump with SeDebugPrivilege.
  • Callbacks — Intercepts all MiniDumpWriteDump I/O via IoWriteAllCallback, keeping the full dump in memory without writing the MDMP bytes to disk.
  • Fork — Creates a suspended clone of LSASS via RtlCreateProcessReflection and dumps the clone. The dump handle is against the clone’s PID, not the live LSASS PID.
  • Syscalls — Opens LSASS via a direct syscall stub (NtOpenProcess) that bypasses EDR hooks in ntdll.dll.
  • Native — Builds a complete, parseable MDMP by hand using VirtualQueryEx and NtReadVirtualMemory (direct syscall). No MiniDumpWriteDump or dbghelp.dll dependency.
  • Stealth — Syscall-based handle acquisition with a FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE intermediate file that keeps dump bytes in the page cache, followed by GZip compression and XOR encryption before the final output path is written.
  • Mimikatz — ntdll unhook followed by embedded Mimikatz shellcode injection.
  • UnhookSyscalls — ntdll unhook followed by embedded direct-syscall shellcode injection.

The Invoke-ShadowExtract cmdlet parses a dump in-process and extracts credentials from all active logon sessions without writing plaintext output to disk. Providers covered: MSV (NTLM hashes), Kerberos (tickets and keys), WDigest, TSPKG, LiveSSP, CredMan, DPAPI, CloudAP, and RDP saved credentials.

Syscall numbers are resolved by parsing the clean on-disk ntdll.dll export table, avoiding any dependency on the hooked in-memory version.

Early Cascade Injection and Spawn-Inject

The lateral module now includes Spawn-Inject, a new cmdlet that spawns a process and injects shellcode into it before EDR user-mode hooks can initialize. Two spawn-inject techniques are available:

EarlyCascadeInjection abuses the Windows application compatibility shim engine. By planting a stub pointer in g_pfnSE_DllLoaded and setting g_ShimsEnabled = 1 inside a suspended process before resuming it, the payload executes during the very first DLL load event — before any EDR user-mode component has run. The implementation supports both x64 and x86 (WoW64) targets, handles Windows 11 encoded function pointer semantics (RtlEncodeSystemPointer), and bypasses Control Flow Guard through Load Config patching (x64) or SetProcessValidCallTargets (x86). Shim variable addresses are resolved dynamically by disassembling LdrSetDllManifestProber, making the technique version-agnostic across all supported Windows builds.

ProcessHollowing is also available as a spawn-inject technique, using section mapping (NtCreateSection / NtMapViewOfSection) for payload placement.

Both techniques accept payloads from a named server pipeline, from a caller-supplied byte array, or via the Migrate path which fetches an sRDI payload automatically using the current agent’s build and architecture.

WFP Firewall Control

The firewall module now includes a Windows Filtering Platform (WFP) subsystem that provides kernel-level network blocking through the FwpmEngine API. This operates independently of the standard Windows Firewall rule set and cannot be disabled by toggling the firewall service.

New cmdlets:

  • Wfp-BlockAdd — Create a persistent WFP filter blocking inbound and outbound traffic for a specified process or IP range.
  • Wfp-BlockGet — Enumerate active WFP filters and sublayers created by the module.
  • Wfp-BlockRemove — Remove a specific filter by ID.
  • Wfp-ProcessBlock — Block all network traffic for a named process (resolves the executable path and creates filters for both inbound and outbound).
  • Wfp-FilterRemove — Remove individual WFP filter entries.

A built-in EDR process list identifies common EDR agent executables for convenient enumeration with Wfp-ProcessBlock.

Expanded Direct Syscall Module

The direct module has been significantly expanded with 19 new syscall cmdlets covering the full set of NT memory and process operations used in injection and process manipulation workflows:

Open-ProcessSyscalls, Open-ThreadSyscalls, Open-ProcessTokenSyscalls, New-VirtualMemorySyscalls, Write-VirtualMemorySyscalls, Read-VirtualMemorySyscalls, Remove-VirtualMemorySyscalls, Set-MemoryProtectionSyscalls, New-ThreadSyscalls, Resume-ThreadSyscalls, Suspend-ThreadSyscalls, Resume-ProcessSyscalls, Get-VirtualMemoryInfoSyscalls, Get-ThreadContextSyscalls, Set-ThreadContextSyscalls, New-SectionSyscalls, Map-SectionSyscalls, Unmap-SectionSyscalls, Close-HandleSyscalls.

These cmdlets issue bare syscall instructions without going through ntdll.dll, making them available as building blocks for custom injection chains constructed in PowerShell scripts.

DCOM Lateral Movement

Invoke-Dcom provides lateral movement using Windows COM object activation over DCOM. Multiple interfaces are supported for remote code execution, making this a complementary option alongside the existing WMI, scheduled task, and service-based execution channels.

Ghost Task Persistence

New-GhostTask and Remove-GhostTask implement a persistence technique that creates scheduled tasks by writing directly to the Task Scheduler internal data structures rather than through the standard Task Scheduler API. This bypasses monitoring of the SchRpcRegisterTask RPC interface that most EDR products instrument for scheduled task creation events.

In-Memory PE Execution (RunPE)

Invoke-InMemoryPE loads and executes a Windows PE file from memory without writing it to disk or creating a new process. The implementation handles relocation, import resolution, TLS callbacks, and entry point execution inside the current process. Output is captured by hooking the standard output and error streams, and command-line arguments can be passed to the loaded PE’s argv. The exit code is captured via an exit hook so execution can be detected as complete without killing the host process.

PowerShell Notebooks

The desktop UI now includes a PowerShell Notebook workspace that combines markdown cells and script cells in a persistent, ordered notebook format. Notebooks are stored server-side and can be created, opened, and resumed across sessions. Script cells execute against a persistent local PowerShell session maintained by the PowerShellSessionService, with streaming output displayed inline below each cell. Markdown cells support full CommonMark rendering for documenting methodology alongside executed code.

The PowerShellSessionControl provides an interactive REPL-style PowerShell terminal embedded in the UI with command history, tab completion, and a separate output stream for verbose and error records.

New String Obfuscation Techniques

Six new PowerShell string obfuscation transformers have been added to the payload pipeline, bringing the total string obfuscation options available to payload operators to nine:

  • Delta — Encodes string characters as cumulative differences from a seed value, reconstructed at runtime with an addition loop.
  • EncodeXml — Embeds strings as XML character entities, decoded with the XML parser at runtime.
  • Interleave — Splits a string into two interleaved halves and rejoins them at runtime.
  • OTP — Applies a one-time pad XOR against a randomly generated key embedded alongside the ciphertext.
  • Substitution — Replaces each character with a random substitute from a runtime-constructed lookup table.
  • XOR — XORs each character against a constant key reconstructed at runtime.

A new RPC Ghosting AMSI bypass source transform has also been added, which ghosts the AMSI provider DLL by leveraging RPC to prevent the scanner from loading cleanly, as an alternative to the existing CLR hooking and AmsiScanBuffer string replacement bypass techniques.

UI Updates

The Avalonia desktop client has been significantly updated throughout this release cycle:

  • AI Session Window — A dedicated full-screen session window displays the conversation timeline, tool call inspector, plan phase/step viewer, and artifact panel. Sessions can be started, paused for human review of tool calls, and resumed.
  • AI Agent Profiles — A new profiles panel allows creating, editing, and assigning agent configurations including the system prompt, model selection, and function whitelist.
  • Command History — The interactive session window now maintains a searchable command history control.
  • TimeSpan Picker — A new reusable picker control for timeout and interval parameters is used throughout the UI wherever a duration is configurable.
  • Event Type Selector — The event log view now includes a structured event type filter control.
  • Implants List — Improved session display with additional metadata columns.
  • Payload Pipeline Editor — Significant updates to the pipeline configuration editor.

SpecterScripts

  • Ghost Task Persistence. This SpecterScript creates a scheduled task to run a payload by creating the task manually rather than through the Task Scheduler API, which can evade some monitoring software.
  • SMB Scan Local Network. Performs concurrent SMB fingerprinting across all eligible local network interfaces, extracting dialect, server GUID, hostname, domain, and OS version via raw SMB1/SMB2/SMB3 negotiation and NTLM challenge parsing, using the same interface eligibility rules as the local TCP scanner.
  • SMB Scan Target System. Performs concurrent SMB fingerprinting across all eligible local network interfaces, extracting dialect, server GUID, hostname, domain, and OS version via raw SMB1/SMB2/SMB3 negotiation and NTLM challenge parsing, using the same interface eligibility rules as the local TCP scanner.
  • Get SMB Security Settings. Retrieves and displays the status of SMB Signing, NBNS, and LLMNR as a single PowerShell object with human-readable values.
  • Convert AS-REP to Kirbi (Invoke-RubeusASREP2Kirbi)
  • Pause Callbacks
  • Request Service Ticket (Invoke-RubeusAsktgs)
  • User Access Control (UAC) Bypass
  • Spawn Inject
  • Invoke Shadow Extract
  • Clear Windows Event Logs with Wevutil
  • Request TGT (Invoke-RubeusAsktgt)
  • Suspend Process
  • S4U Delegation Attack (Invoke-RubeusS4u)
  • Survey UAC Bypass Techniques
  • Get Logon Statistics
  • Find Credential Files
  • AV/EDR Silencer via Firewall Rule
  • Dump User Hashes Remotely
  • Ghost Task
  • Shadow Credentials (Invoke-RubeusShadowcred)
  • Service Name Substitution (Invoke-RubeusTgssub)
  • Certificate Enrollment (Invoke-RubeusCertenroll)
  • Smb Scan Local Network
  • Forge Golden Ticket (Invoke-RubeusGolden)
  • Migrate Process with Direct Syscalls
  • Test WMI
  • Create /netonly Process (Invoke-RubeusCreatenetonly)
  • Diamond Ticket (Invoke-RubeusDiamond)
  • Get Group Policy Objects
  • Get Installed Software
  • Describe Ticket (Invoke-RubeusDescribe)
  • Shadow Dump
  • Get Logon History
  • Ping Sweep Network
  • Resolve Domain Names (DNS)
  • Remove Firewall Rule
  • Lateral Movement with WinRM
  • Block Process Outbound Traffic via WFP
  • gMSA Password (Invoke-RubeusGmsapassword)
  • Change Password via Kerberos (Invoke-RubeusChangepw)
  • Get Firewall Profiles
  • Lateral Movement with Group Policy Object (GPO)
  • Request TGT with FAST (Invoke-RubeusAsktgtfast)
  • Get SMB Security Settings
  • Smb Scan Target System
  • Create Firewall Rule
  • Remove All WFP Block Rules
  • Password Spray (LDAP)
  • Pre-Auth Scan (Invoke-RubeusPreauthscan)
  • Block All Running EDR Processes via WFP
  • Suspend All Threads
  • Clear Windows Event Logs via PowerShell
  • Lateral Movement with WMI and PowerShell Cradle via API
  • Remove WFP Filter by ID
  • Harvest TGTs (Invoke-RubeusHarvest)
  • Create Firewall Rule with Group Policy Object (GPO)
  • Get Network Interface Profiles
  • Get Active WFP Block Rules
  • AS-REP Roasting (Invoke-RubeusAsreproast)
  • Kerberos Brute Force (Invoke-RubeusBrute)
  • Run In-Memory PE (Base64)
  • Ransomware Simulation
  • List Tickets (Invoke-RubeusKlist)
  • Current LUID (Invoke-RubeusCurrentluid)
  • Exfiltrate Files
  • Triage Tickets (Invoke-RubeusTriage)
  • Increment Group Policy Object (GPO) Version
  • Enumerate Services and ACLs
  • Kirbi Ticket Manipulation (Invoke-RubeusKirbi)
  • Monitor TGTs (Invoke-RubeusMonitor)
  • Remove Group Policy Object (GPO)
  • TGT Delegation Trick (Invoke-RubeusTgtdeleg)
  • Forge Silver Ticket (Invoke-RubeusSilver)
  • Find Unsecure Password Files
  • Get System Route Table
  • Renew TGT (Invoke-RubeusRenew)
  • Pass the Ticket (Invoke-RubeusPtt)
  • Compute Kerberos Hashes (Invoke-RubeusHash)
  • Logon Session Info (Invoke-RubeusLogonsession)
  • Kerberoasting (Invoke-RubeusKerberoast)
  • Dump Tickets (Invoke-RubeusDump)
  • Run Specter PowerShell Cradle as SYSTEM with Schtasks Commandline
  • Persistence with Startup Folder
  • Purge Tickets (Invoke-RubeusPurge)
  • Get Windows Defender Alerts
  • Inject Shellcode
  • Block All EDR Processes via WFP and Report Status
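The SMB scan scripts above extract hostname, domain and OS version from the NTLM challenge returned during session setup. As an added example (not SpecterInsight code), this parser shows what that challenge message (MS-NLMP CHALLENGE_MESSAGE) actually carries, which is the same information a network sensor can recover passively; the sample message is constructed inline with placeholder names.

```python
import struct

# AV_PAIR ids from MS-NLMP 2.2.2.1; the TargetInfo block is where the host identifies itself.
AV_NAMES = {1: "NbComputerName", 2: "NbDomainName", 3: "DnsComputerName",
            4: "DnsDomainName", 5: "DnsTreeName", 7: "Timestamp"}
NEGOTIATE_UNICODE, NEGOTIATE_TARGET_INFO, NEGOTIATE_VERSION = 0x00000001, 0x00800000, 0x02000000


def parse_ntlm_challenge(msg: bytes) -> dict:
    """Decode a type-2 NTLMSSP message into the fields a fingerprinting scan reports."""
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLM CHALLENGE_MESSAGE")
    tn_len, _, tn_off = struct.unpack_from("<HHI", msg, 12)   # TargetNameFields
    flags = struct.unpack_from("<I", msg, 20)[0]
    info = {"flags": flags, "server_challenge": msg[24:32].hex(),
            "target_name": msg[tn_off:tn_off + tn_len].decode("utf-16-le")}
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)   # TargetInfoFields
    if flags & NEGOTIATE_VERSION:                             # Version field is optional
        major, minor, build = struct.unpack_from("<BBH", msg, 48)
        info["os_version"] = f"{major}.{minor}.{build}"
    pos, end = ti_off, ti_off + ti_len
    while pos + 4 <= end:                                     # walk AV_PAIRs until MsvAvEOL
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0:
            break
        value, pos = msg[pos:pos + av_len], pos + av_len
        name = AV_NAMES.get(av_id)
        if name == "Timestamp":
            info[name] = struct.unpack_from("<Q", value)[0]    # FILETIME, 100ns ticks
        elif name:
            info[name] = value.decode("utf-16-le")
    return info


def build_sample_challenge() -> bytes:
    """Constructed sample: a domain controller answering with a fixed 8-byte challenge."""
    def av(av_id, text):
        v = text.encode("utf-16-le")
        return struct.pack("<HH", av_id, len(v)) + v
    target = "CORP".encode("utf-16-le")
    target_info = (av(1, "DC01") + av(2, "CORP") + av(3, "dc01.corp.example")
                   + av(4, "corp.example") + struct.pack("<HH", 0, 0))
    flags = NEGOTIATE_UNICODE | NEGOTIATE_TARGET_INFO | NEGOTIATE_VERSION
    header_len = 56                                           # fixed part incl. Version
    msg = b"NTLMSSP\x00" + struct.pack("<I", 2)
    msg += struct.pack("<HHI", len(target), len(target), header_len)
    msg += struct.pack("<I", flags)
    msg += bytes(range(8))                                    # constructed ServerChallenge
    msg += b"\x00" * 8                                        # Reserved
    msg += struct.pack("<HHI", len(target_info), len(target_info), header_len + len(target))
    msg += struct.pack("<BBH", 10, 0, 17763) + b"\x00\x00\x00\x0f"   # Version: 10.0.17763
    return msg + target + target_info
```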

AI Tools

  • AI Models List
  • AI Session Start
  • AI Session Wait
  • AI Tool Create
  • AI Tools List
  • Certificates Create
  • Certificates List
  • Certificates Remove
  • Full DNS Lookup
  • Get Archived Robots Endpoints
  • Get ASN Info
  • Get Domain Registration Info
  • Get Payload Pipeline Details
  • List Archived Robots Endpoints
  • List Tasks by Session
  • List Wayback URLs
  • Listeners Create HTTPS
  • Listeners List
  • Listeners Remove
  • Listeners Update
  • Nmap Scan
  • Passive Email Scraper
  • Payload Pipelines List
  • Run PowerShell Script
  • Run Shell Command on Server
  • Send Email
  • Sessions List
  • Sessions Run Command
  • Sessions Run SpecterScript
  • Sessions Tasks List by TaskId
  • Specter Builds Create
  • Specter Builds List
  • Specter Builds Remove
  • SpecterScripts Create
  • SpecterScripts Delete
  • SpecterScripts List
  • Web Request
  • XSSProbe

Bugs

  • Fixed bug where some stagers would fail due to double initialization of the core Specter implant.
  • Increased Windows 7 support.