LLM Talks to Malware Implant

When you can talk to a live running malware implant during engagements ☠️

What if you your malware implant can learn and build new capabilities while running on a compromised machine ?

Introduction

We'll walk through the development of an interactive C2 implant powered by Large Language Models (LLMs) and the Model Context Protocol (MCP).

LLMplant takes adversary simulation to a new level with dynamic, on-the-fly C# tasking using Roslyn, all driven by an LLM interface (e.g. Claude ai desktop).

What is MCP and Why Use It?

Before diving into the code, a quick primer:

MCP (Model Context Protocol) is a C2 communication pattern where an LLM or an external logic service generates implants' tasking dynamically. The implant posts beacons and checks for JSON-encoded tasks, which can include dynamically generated code to compile and run in-memory.

This makes detection and static analysis much harder while enabling adaptive adversary simulation workflows.

Project Structure

Here’s the directory layout for LLMplant:

arduinoCopyEditLLMplant/
├── Agent/
│   ├── Agent.csproj
│   ├── AgentClient.cs
│   ├── CodeCompiler.cs
│   ├── Program.cs
│   └── TaskManager.cs
├── Models/
│   └── AgentTask.cs
├── Server/  <-- future work
├── featureless implant.mp4
└── README.md

Implant Check-In & Task Flow

The implant beacons to the MCP server using HttpClient.PostAsync(), sending a simple JSON payload:

jsonCopyEdit{"status":"idle"}

The server replies with a task which could be a predefined action or C# source code string to compile on the fly.

Task JSON Example:

jsonCopyEdit{
  "TaskName": "GetHostname",
  "IsCode": true,
  "Code": "return async () => { Console.WriteLine(System.Environment.MachineName); };"
}

Screenshot: Insert your screenshot here of task being dispatched and received

Dynamic In-Memory C# Compilation

We’re using the Roslyn scripting engine to compile received code:

csharpCopyEditvar script = CSharpScript.EvaluateAsync<Func<Task>>(code, scriptOptions).Result;

TaskManager then executes the compiled delegate. Execution results are POSTed back to /results endpoint.

Demo

Watch it in action:

LLM with Kali Linux

In this section, we'll demonstrate a practical proof-of-concept (PoC) for integrating MCP-based implant control directly from a Kali Linux machine allowing an operator to dynamically generate, task, and control implants via an LLM.

What’s Happening Here

In this PoC:

The implant continuously beacons to the MCP server on Kali.
The operator uses an LLM (WindSurf/Cursor/other MCP-client) to dynamically generate C# tasks.
Tasks are compiled and executed in-memory via Roslyn on the implant.
Results are exfiltrated back to the Kali MCP server for review.

Demo

Watch it in action:

This approach allows for non-static, operator-driven post-exploitation capabilities while keeping infrastructure OPSEC-friendly and enabling AI-driven tasking logic.

References & Inspirations

PreviousMCPlant - LLM Based C2 NextBunker

Last updated 4 months ago