Payloads are executables that can be delivered and executed through LimaCharlie's sensor. Payloads can be any executable. The main use case is to run something with specific functionality not available in the LimaCharlie offering, for example custom executables provided by another vendor to clean up a machine, forensic utilities, or firmware-related utilities. We encourage our users to use native functionality first, as it comes with all the benefits of being tightly integrated into the platform, but if you need this powerful capability, it is there.
To place tight controls over who can deploy and run payloads, we have added specific permissions. Payloads are managed with two permissions:
payload.ctrl: allows you to create and delete payloads.
payload.use: allows you to run a given payload.
Payloads are uploaded to the LimaCharlie platform and given a name. The task can then be used to run the payload with optional arguments.
The STDOUT and STDERR data will be returned in a related RECEIPT event, up to ~10 MB. If your payload generates more data, we recommend piping the data to a file on disk and using the log_get command to retrieve it.
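One way to apply the output-size advice above, as an added example that is not LimaCharlie's own code: a POSIX sh wrapper for Linux or macOS endpoints that captures a command's STDOUT and STDERR to a file and prints it only when it fits under a threshold, otherwise leaving the file on disk and printing its path. The 8 MiB threshold, the temp directory, the `OUTPUT_TOO_LARGE` marker and the name `run_capped` are assumptions.

```shell
#!/bin/sh
# Added example: keep a payload's returned output under the RECEIPT size cap.
# Assumptions (not from the page): the 8 MiB threshold, the output directory,
# the OUTPUT_TOO_LARGE marker line and the function name run_capped.

LIMIT_BYTES="${LIMIT_BYTES:-8388608}"   # stay safely below the ~10 MB cap
OUT_DIR="${OUT_DIR:-${TMPDIR:-/tmp}}"

# run_capped CMD [ARGS...]
# Runs CMD with STDOUT and STDERR captured to a private file.
#   - Output within LIMIT_BYTES is printed and the file is removed.
#   - Larger output stays on disk; only a one-line pointer is printed so the
#     file can be collected separately.
# Returns CMD's own exit status so failures are still visible to the caller.
run_capped() {
    # mktemp creates the file readable by its owner only (mode 0600),
    # which matters because collected output may hold sensitive data.
    out_file=$(mktemp "$OUT_DIR/payload-out.XXXXXX") || return 1

    status=0
    "$@" >"$out_file" 2>&1 || status=$?

    # wc pads its output with spaces on some platforms; strip them.
    size=$(wc -c <"$out_file" | tr -d ' ')

    if [ "$size" -le "$LIMIT_BYTES" ]; then
        cat "$out_file"
        rm -f "$out_file"
    else
        echo "OUTPUT_TOO_LARGE bytes=$size file=$out_file"
    fi
    return "$status"
}

# When executed directly, wrap the command passed as arguments.
if [ "$#" -gt 0 ]; then
    run_capped "$@"
fi
```

The path printed on the `OUTPUT_TOO_LARGE` line is the file to retrieve with log_get; delete it from the endpoint once collected.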
Please check our technical documentation for more details, or ask our support team for help.