Rebuilding a Faction: Part 3

The release of Faction 2.0.0-alpha

Today I'm releasing Faction 2.0.0-alpha. It doesn't work, don't try to use it.

It's weird to merge in code that essentially breaks the project. Faction is being re-written, but the previous version at least works.. mostly. I want to take some time to explain this decision as well as talk about what the future of Faction looks like.

I've been thinking a lot about how Faction fits into the information security ecosystem. Particularly two points:

  1. What new or novel thing does it bring to table

  2. Does it represent something I want to contribute to the community

In the previous two parts of this series I've talked about some of the technical details around the Faction re-write. I think technically it's doing some really cool stuff that no other C2 framework is doing yet, particularly in its use of GraphQL as it's primary API and being designed for Kubernetes.

The new code for the rewrite has sat in different branches on each project for awhile now. The old version of Faction still sat in the main branches, if you came to Faction fresh it's what you'd end up installing. I haven't been a fan of this because it's not code I plan on maintaining so I figured it's better to just go ahead and merge the re-write stuff and call it Faction 2.0.0-alpha. Its a more accurate representation of where the project is at.

The second point inspired some other changes. There are plenty of wonderful options for open source post exploitation frameworks. I don't think the world needs another C2 framework and if I'm being completely honest, I don't know that I really want to contribute to the offensive open source ecosystem any more. That said I've gone ahead and deleted all the Docker images for Faction and removed the repository for the Marauder agent. You're still able to build Faction by rolling back to the previous commit, though I will not be offering any help in doing so.

Ultimately I'd like to find a way to leverage the Faction to more explicitly help the defensive side of infosec. I have some ideas around this but for now the goal of Faction is simple, it's a tech demo to learn about kubernetes and microservice application design. I hope it's helpful.