File Download - How Does it Work? #2025

burt-mianus · 2025-10-24T08:27:19Z

burt-mianus
Oct 24, 2025

Hello, I am using Sliver to emulate C2 behaviour in my lab, and when doing firewall inspection I see file downloads appearing as transfers of .api files (i think). It almost looks like the is broken down into smaller chunks and packaged as these benign php files and transferred to the server.

(apologies for the crude terminology....)

Would appreciate some help understanding the behaviour.

Thanks

Answered by moloch--

Oct 25, 2025

This document describes the process:
https://sliver.sh/docs?name=HTTPS+C2#under-the-hood

View full answer

moloch-- · 2025-10-25T03:26:31Z

moloch--
Oct 25, 2025
Maintainer

This document describes the process:
https://sliver.sh/docs?name=HTTPS+C2#under-the-hood

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

File Download - How Does it Work? #2025

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

File Download - How Does it Work? #2025

Uh oh!

burt-mianus Oct 24, 2025

Replies: 1 comment

Uh oh!

moloch-- Oct 25, 2025 Maintainer

burt-mianus
Oct 24, 2025

moloch--
Oct 25, 2025
Maintainer