# Cupcake C2 (v3.0.5)






**Cupcake C2** is a high-performance, industrial-grade Command & Control tool built on a **Go + Rust** architecture. It combines the in-depth evasion techniques of modern red team operations (AMSI/ETW patching) with a polished UI, and is specifically designed to bypass modern EDR/AV monitoring.
> **"Sweet as a cupcake, invisible as a ghost."**
---
## 🛠️ Tech Stack Architecture
Cupcake uses a classic high-performance hybrid development model, giving high-concurrency processing on the server side and an extremely lightweight client:
| Module | Core Technology | Advantage |
| :--- | :--- | :--- |
| **Server** | **Go (Gin, GORM, SQLite)** | High concurrency processing, low memory usage, easy deployment. |
| **Agent** | **Rust (Tokio, Yamux, WinAPI)** | Memory safety, no extra runtime, low-level system call control capability. |
| **Frontend** | **Vue 3 (Vite, Element Plus)** | Fast response, modern dark UI, on-demand loading optimization. |
| **Build System** | **Cargo + CI/CD Scripts** | Supports cross-platform compilation and automated source-code sanitization. |
---
## ✨ Core Evasion and OpSec Features (New)
Version 3.0.5 introduces several in-depth evasion techniques:
### 1. Dynamic Self-Repair Patching
- **AMSI Bypass**: Locates the `AmsiScanBuffer` offset in `amsi.dll` dynamically at runtime and disables memory scanning with an assembly-level patch (overwriting with a RET instruction), so that local antivirus software (360/Fireball/Defender) loses visibility of the payload in memory.
- **ETW Telemetry Blinding**: Directly patches `EtwEventWrite` in `ntdll.dll` to completely cut off the behavior telemetry chain of EDRs (such as Kaspersky, Fireball).
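
A defender's integrity check for the RET-overwrite patching of `AmsiScanBuffer` and `EtwEventWrite` described above, as an added example that is not part of Cupcake's code: it diffs a function's in-memory prologue against the on-disk copy of the DLL. The `Sample` type, the `Classify` function and the prologue bytes are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Verdict says how a function's in-memory prologue relates to its on-disk copy.
type Verdict string
const (
	Intact   Verdict = "intact"
	RetPatch Verdict = "ret-patched"
	Modified Verdict = "modified"
)

// Sample holds a function's first bytes from the DLL on disk and from the loaded module.
type Sample struct {
	Function     string
	Disk, Memory []byte
}

// Classify diffs both views; RET (0xC3) or RET imm16 (0xC2) at offset 0, absent on disk, is an early-return patch.
func Classify(s Sample) (Verdict, []int) {
	if bytes.Equal(s.Disk, s.Memory) {
		return Intact, nil
	}
	var changed []int
	for i := 0; i < len(s.Disk) && i < len(s.Memory); i++ {
		if s.Disk[i] != s.Memory[i] {
			changed = append(changed, i)
		}
	}
	if len(changed) > 0 && changed[0] == 0 && (s.Memory[0] == 0xC3 || s.Memory[0] == 0xC2) {
		return RetPatch, changed
	}
	return Modified, changed
}

func main() {
	// Constructed bytes for illustration, not dumped from a real amsi.dll or ntdll.dll.
	clean := []byte{0x4C, 0x8B, 0xDC, 0x49, 0x89, 0x5B, 0x08, 0x57}
	for _, s := range []Sample{
		{"amsi.dll!AmsiScanBuffer", clean, append([]byte{0xC3}, clean[1:]...)},
		{"ntdll.dll!EtwEventWrite", clean, clean},
	} {
		v, off := Classify(s)
		fmt.Printf("%-24s %-12s changed offsets: %v\n", s.Function, v, off)
	}
}
```

On a live system the two slices would come from the export in the DLL file and from the same address in the monitored process. A `modified` verdict needs triage, since security products also place inline hooks in these modules.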
### 2. Traffic and Memory Obfuscation (Evasion)
- **Stealthy Memory Ballooning**: Uses a **progressive distributed memory balloon** technique to simulate the startup memory allocation behavior of a large application (such as a browser), inducing cloud sandboxes to give up analysis and bypassing local antivirus warnings on sudden large memory allocations.
- **Sleep Obfuscation Bypass**: Abandons the traditional `sleep` API and uses CPU busy-looping to compute prime numbers for the startup delay, bypassing EDR hooks on the sleep function.
- **Traffic Obfuscation**:
  - **WebSocket + TLS**: Supports cloud CDN forwarding and domain fronting.
  - **Packet Obfuscation**: Optional `base64` text disguise or `junk` garbage-data padding to counter DPI feature extraction.
### 3. Multiplexing Communication (Protocols)
- **Yamux Multiplexing**: Multiplexes an unlimited number of streams (Shell, FS, Socks5) over a single TCP/WS connection.
- **Bind-TCP Mode**: Designed for lateral movement in isolated networks, with server-side active probing and timed reconnection retries (backoff mechanism).
- **DNS (TXT) Tunnel**: Covert heartbeat and command transmission based on DNS queries.
### 4. Ultimate Front-end Experience
- **First Screen Optimization**: Through Vite code splitting, the core first-screen resource file is reduced from **1.1MB to 12KB**.
- **Real-time Progress Feedback**: Chunked file rendering and real-time upload/download progress bars, with constant memory usage.
---
## 🚀 Deployment Guide
### Environment Preparation
- **Go 1.21+**
- **Rust 1.75+** (install the `x86_64-pc-windows-msvc` target for cross-compilation)
- **Node.js 18+**
### Quick Start
**Default account and password: admin / cupcake123**
#### Windows
```
## Make sure you are in the CupcakeC2 directory
cd .\server\frontend-v2\
npm install
npm run build
cd ../
go run .
```
<img width="1431" height="768" alt="image" src="https://github.com/user-attachments/assets/66afdbdf-517e-416d-93e1-809e901e4155" />
#### Linux
```
## Pull the project and enter its directory
git clone https://github.com/yellatiamo/CupcakeC2.git
cd CupcakeC2
## Make the quick build script executable, then run it
chmod +x run_linux.sh
./run_linux.sh
## For later restarts
cd server/
go run .
```
<img width="1440" height="819" alt="image" src="https://github.com/user-attachments/assets/2a57fe18-d488-4a9a-a2d8-d0c7c81d22e6" />
<img width="1436" height="818" alt="image" src="https://github.com/user-attachments/assets/7df8f7ca-9c00-405c-bffe-24a6e7bba571" />
### Evasion Effect Display
> Detection results for the Linux sample
<img width="1446" height="969" alt="image" src="https://github.com/user-attachments/assets/ef1296bf-64fa-40f6-b695-250bbf00963b" />
> Detection results for the Windows sample
<img width="1503" height="1134" alt="image" src="https://github.com/user-attachments/assets/27b63778-d448-413e-821a-994565b805d6" />
---
## ⚠️ Disclaimer
This tool is intended only for **legally authorized security testing**. Users must comply with local laws and regulations; use for illegal purposes is strictly prohibited. The author assumes no responsibility for damage caused by abuse of this tool.
**Developed by Tiamo | Version 3.0.5 • Build 2026**