ICMP‑Ghost — a C2 agent for covert control and DPI/EDR evasion

A minimalist x64 Assembly C2 agent that operates entirely in memory and uses ICMP packets as a covert communication channel.

Features: 📍 Communicates via ICMP Echo Request/Reply (Type 8/0) 📍 Fully fileless architecture — loads and executes entirely in RAM via system-call-based injection using ptrace 📍 Uses Rolling XOR for command encryption while maintaining a minimal network footprint 📍 Launches a hidden background process that runs from memory and is detached from the terminal via the memfd_create system call

Similar tools: icmpsh, ICMPDoor, Cobalt Strike ICMP C2

📎 Tool: https://github.com/JM00NJ/ICMP-Ghost-A-Fileless-x64-Assembly-C2-Agent

💬 Discuss