Fatratgithub

The tool relies heavily on secondary GitHub repositories and packages maintained by other creators:

: Seamlessly communicates with the Metasploit Framework to provision listeners and handle active incoming reverse shells.

Because The FatRat relies heavily on Metasploit-based payloads, defenders can mitigate these threats effectively using a defense-in-depth strategy:

The FatRat will obfuscate the source, compile it using x86_64-w64-mingw32-gcc, and output the final file to the TheFatRat/output/ folder.

The Cat-and-Mouse Game of AV Evasion

Create a new branch on your repository. This will be the branch where you'll store your blog post. You can name it anything you like, but for this example, let's call it blog .

In the context of the (formerly Perl 6) programming language, FatRat is a specific built-in data type for high-precision rational numbers.

for Windows payload compilation and various Python/Ruby libraries.

Key Resources

Official Repository: Screetsec/TheFatRat

Troubleshooting Guide: The troubleshoot.md file in the repository covers most common execution errors.

It uses various encoders and obfuscation techniques to help payloads remain undetected by antivirus programs. Automation:

Traditional antivirus relies on signatures, which FatRat can evade. You need EDR solutions (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint) that monitor behavior, not just file hashes.

FatRat loves PowerShell and Microsoft Office macros. Configure Group Policy to block macros from the internet and restrict PowerShell to Constrained Language Mode.

---
title: My First Blog Post
date: 2023-02-20
categories: blog
---

Consequently, a payload generated by a default, unedited version of The FatRat might be flagged by Windows Defender or modern EDRs today. To truly bypass advanced endpoint security, professional penetration testers use tools like The FatRat as a foundation, manually altering the generated C/C++ source code, changing encryption keys, or wrapping the payload in custom loaders before deployment.

Includes modules for post-exploitation, such as file management and browser attacks.

As with any powerful offensive security tool, the legality of using The FatRat depends entirely on .