Red Specter SPECTER CRYPT

AI-Assisted Ransomware Simulation Engine — 8 subsystems covering the complete ransomware kill chain with AES-256-CBC encryption, LLM-API covert C2, and impacket lateral movement.

v1.0.0 — 297 tests passing

Contents

Overview The 8 Subsystems Subsystem Details Full Pipeline Mode Covert C2 Engine Encryption Engine Propagation — impacket Report Output Requirements Standards Coverage UNLEASHED Disclaimer

Overview

Red Specter SPECTER CRYPT is an AI-assisted ransomware simulation engine. It operationalises the complete ransomware kill chain in a controlled, authorised environment — from initial target reconnaissance through shadow copy destruction, data exfiltration, covert LLM-API command-and-control, AI-generated ransom note production, AES-256-CBC file encryption with key escrow, and impacket-driven lateral movement.

SPECTER CRYPT is NIGHTFALL Tool 82. It provides 8 subsystems under a single CLI (specter-crypt), two covert C2 channels (base64_json prompt embedding and whitespace steganography), and Ed25519-signed CryptReports with full MITRE ATT&CK and ATLAS TTP mapping. Real AES-256-CBC encryption with key escrow ensures no files are permanently lost during authorised red-team exercises.

Security teams use SPECTER CRYPT to validate ransomware detection rules, test incident response playbooks, generate realistic artefacts for IR exercises, and verify that network segmentation prevents lateral movement. Every simulation produces a signed evidence chain suitable for post-engagement reporting.

The 8 Subsystems

#	Subsystem	Command	Gate	What It Does
01	RECON	specter-crypt recon	OPEN	Target enumeration — files, high-value targets, shares, network hosts, recon manifest
02	SHADOW	specter-crypt shadow	INJECT	Shadow copy and backup destruction simulation — VSS/wmic commands, service stop sequence
03	EXFIL	specter-crypt exfil	INJECT	Pre-encryption data staging — double-extortion archive creation and channel simulation
04	C2	specter-crypt c2	INJECT	LLM-API covert C2 — base64_json prompt embedding and whitespace steganography channels
05	RANSOM	specter-crypt ransom	INJECT	AI-generated ransom notes — corporate/personal/government templates, negotiation portal
06	ENCRYPT	specter-crypt encrypt	DESTROY	AES-256-CBC file encryption — per-file IV, .crypt extension, key escrow, selective targeting
07	PROPAGATE	specter-crypt propagate	DESTROY	Lateral movement — impacket psexec and pass-the-hash against authorised target hosts
08	REPORT	specter-crypt report	OPEN	Ed25519-signed CryptReport — SHA-256 evidence chain, ATT&CK + ATLAS TTP mapping

Subsystem Details

01 RECON specter-crypt recon

Enumerates the target environment and produces a manifest for downstream subsystems.

File system scan — recursive enumeration of target directory or path
High-value identification — targets .docx, .xlsx, .pdf, .sql, .env, .pem, .key, .db, .bak
Network share discovery — SMB share enumeration on the local network
Host enumeration — ICMP and TCP probing for reachable hosts in subnet
Manifest output — recon_manifest.json with file list, share list, host list
Gate — OPEN, no flags required

02 SHADOW specter-crypt shadow

Simulates shadow copy and backup destruction — the pre-encryption step used by all major ransomware families.

VSS deletion — generates vssadmin delete shadows /all /quiet commands
WMIC sequence — generates wmic shadowcopy delete command chain
Backup service stop — Windows Backup and VSS service stop sequence
Restore point removal — wmic delete restore points command generation
Dry-run mode — generates artefacts without OS execution (--dry-run)
Gate — INJECT, requires --override

03 EXFIL specter-crypt exfil

Stages high-value files for double-extortion simulation before the ENCRYPT phase.

File selection — pulls high-value files from RECON manifest
Archive creation — AES-256-CBC encrypted tar.gz staging archive
Channel simulation — records exfil destination and transfer timing
Staging directory — configurable path for staged artefacts
Double-extortion evidence — generates exfil_receipt.json for REPORT
Gate — INJECT, requires --override

04 C2 specter-crypt c2

Establishes a covert command-and-control channel using LLM API calls as the transport layer.

base64_json mode — operator instructions serialised as JSON, base64-encoded, embedded in LLM prompt text; commands decoded from model response
whitespace_stego mode — beacon signal encoded as Unicode zero-width characters (U+200B, U+200C, U+200D) injected into cover text
Signal ratio — measures stego fidelity (encoded bits recovered / total bits sent)
PCAP generation — captures C2 traffic to pcap file for IR training exercises
Provider support — OpenAI, Anthropic, Gemini, generic OpenAI-compatible
Gate — INJECT, requires --override

05 RANSOM specter-crypt ransom

Generates AI-authored ransom notes contextually tailored to the target organisation.

Templates — corporate, personal, government, healthcare (selectable)
Contextual tailoring — references target name, file count, encrypted extension
Negotiation portal — generates onion address in SCR-{hex12} format
Payment addresses — Bitcoin and Monero address templating
Urgency framing — deadline escalation language, double-extortion pressure
Output — ransom.txt dropped to target directory and REPORT artefact
Gate — INJECT, requires --override

06 ENCRYPT specter-crypt encrypt / specter-crypt decrypt

Real AES-256-CBC file encryption with key escrow for authorised recovery.

Cipher — AES-256-CBC with cryptographically random per-file IV
Padding — PKCS7 (standard for AES-CBC block alignment)
Extension — .crypt appended to each encrypted file name
Key escrow — master key saved to escrow.key.enc (RSA-wrapped or passphrase-derived)
Selective targeting — by file extension, directory, or RECON manifest
Ransom note drop — ransom.txt placed in each affected directory
Decrypt command — specter-crypt decrypt --escrow escrow.key.enc restores all files
Audit log — SHA-256 pre/post hash for every encrypted file path
Gate — DESTROY, requires --override --confirm-destroy

07 PROPAGATE specter-crypt propagate

Lateral movement simulation via impacket — psexec and pass-the-hash methods.

psexec method — service-based remote execution over SMB (impacket psexec)
pass_the_hash method — NTLM hash authentication without plaintext password
Target list — host list from RECON manifest, scope file enforced
Simulation payload — deploys a benign marker payload to each reachable host
Per-host results — success/fail, method, timing, error recorded per host
Scope enforcement — --scope-file flags authorised hosts only; out-of-scope hosts refused
Gate — DESTROY, requires --override --confirm-destroy

08 REPORT specter-crypt report

Aggregates all subsystem outputs into a signed CryptReport with full TTP mapping.

Report ID — SCR-{hex12} unique identifier per engagement
Ed25519 signature — ephemeral or pre-issued private key signs the full report
SHA-256 evidence chain — hash-chained across all subsystem artefacts in order
MITRE ATT&CK TTPs — T1486/T1490/T1041/T1570/T1550.002/T1566
MITRE ATLAS TTPs — AML.T0051/T0043/T0056/T0048/T0040
OWASP LLM taxonomy — LLM01/LLM02/LLM06/LLM08/LLM09
Severity ratings — CRITICAL/HIGH/MEDIUM per finding
JSON output — full artefact manifest for IR team handoff

Full Pipeline Mode

One command runs all 8 subsystems in sequence — recon through report — producing a signed CryptReport.

$ specter-crypt run --target ./testenv/ --c2-provider openai --c2-mode base64_json --override --confirm-destroy
    

CLI Options

$ specter-crypt run --help

  --target, -t          Target directory or path for recon/encrypt/propagate [required]
  --c2-provider         C2 LLM provider: openai, anthropic, gemini, generic [default: openai]
  --c2-mode             C2 channel mode: base64_json, whitespace_stego [default: base64_json]
  --api-key, -k         LLM API key [optional — reads env OPENAI_API_KEY etc.]
  --ransom-template     Ransom note template: corporate, personal, government [default: corporate]
  --encrypt-ext         File extensions to encrypt [default: docx,xlsx,pdf,sql,env,pem]
  --scope-file          Authorised host scope file for PROPAGATE [required for propagate]
  --propagate-method    Lateral movement method: psexec, pass_the_hash [default: psexec]
  --output-dir          Output directory for artefacts [default: crypt_output]
  --dry-run             Generate artefacts without executing destructive operations
  --override            Activate INJECT tier (shadow/exfil/c2/ransom)
  --confirm-destroy     Activate DESTROY tier (encrypt/propagate) [requires --override]
    

Individual Subsystem Commands

$ specter-crypt recon --target ./testenv/
$ specter-crypt shadow --override --dry-run
$ specter-crypt exfil --override --manifest recon_manifest.json
$ specter-crypt c2 --override --provider openai --mode base64_json
$ specter-crypt c2 --override --provider openai --mode whitespace_stego
$ specter-crypt ransom --override --template corporate
$ specter-crypt encrypt --override --confirm-destroy --target ./testenv/
$ specter-crypt decrypt --escrow escrow.key.enc --target ./testenv/
$ specter-crypt propagate --override --confirm-destroy --method psexec --scope-file scope.txt
$ specter-crypt propagate --override --confirm-destroy --method pass_the_hash --scope-file scope.txt
$ specter-crypt report
    

Covert C2 Engine

base64_json Channel

Operator instructions are serialised as a JSON object and base64-encoded. The encoded payload is embedded in the user turn of an LLM API call as a comment or annotation. The model response carries the encoded acknowledgement back. The client base64-decodes the response to extract the C2 command confirmation.

Traffic is indistinguishable from normal LLM API usage to network monitors
Payload size constrained by model context window (default: 512-token payload budget)
PCAP capture records full HTTP request/response for IR training use
Supports multi-turn C2 sessions (--turns flag, default: 3)

$ specter-crypt c2 --override --provider openai --mode base64_json --turns 5 --pcap
    

whitespace_stego Channel

A binary beacon signal is encoded as a sequence of Unicode zero-width characters (U+200B = 0, U+200C = 1). The encoded signal is injected into normal cover text at word boundaries. The receiver strips visible characters and decodes the zero-width sequence back to the original beacon. Signal ratio measures the proportion of bits successfully recovered.

Cover text appears entirely normal to human readers and content filters
Detectable only via explicit Unicode normalisation or character-level analysis
128–256 token cover text per beacon by default (--cover-tokens flag)
Signal ratio target: >0.90 (ratio below 0.70 triggers WARN in report)

$ specter-crypt c2 --override --provider anthropic --mode whitespace_stego --cover-tokens 256
    

Encryption Engine

SPECTER CRYPT uses AES-256-CBC — the same cipher family used by major ransomware campaigns. All encryption is reversible via the key escrow mechanism.

Encryption Process

Master key: 256-bit random key generated per engagement (os.urandom(32))
Per-file IV: 128-bit random IV generated per file (os.urandom(16))
Padding: PKCS7 to align plaintext to 16-byte AES block boundary
Output: IV prepended to ciphertext, saved as {original_filename}.crypt
Original file overwritten with encrypted version
Ransom note dropped to each affected directory as ransom.txt

Key Escrow

Master key saved to crypt_output/escrow.key.enc at encryption start
Escrow format: RSA-wrapped (--escrow-rsa) or passphrase-derived KDF (default)
Recovery: specter-crypt decrypt --escrow crypt_output/escrow.key.enc --target ./testenv/
Decrypt reads IV from file header, decrypts with master key, restores original filename
Verification: SHA-256 of decrypted file compared against pre-encryption hash in audit log

$ specter-crypt encrypt --override --confirm-destroy --target ./testenv/docs/ --ext docx,xlsx,pdf
$ specter-crypt decrypt --escrow crypt_output/escrow.key.enc --target ./testenv/docs/
    

Propagation — impacket

psexec Method

Uses impacket's psexec implementation to deploy a service-based remote execution payload to authorised target hosts over SMB. Requires SMB access and valid credentials in the scope file.

$ specter-crypt propagate --override --confirm-destroy --method psexec --scope-file scope.txt --credentials creds.json
    

pass_the_hash Method

Uses NTLM hash-based authentication — no plaintext password required. Hash is supplied in the credentials file in LM:NT format. Demonstrates that password resets alone are insufficient if hashes remain valid.

$ specter-crypt propagate --override --confirm-destroy --method pass_the_hash --scope-file scope.txt --hash aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c
    

Scope File Format

# scope.txt — one authorised host per line
0.0.15
0.0.23
168.1.100
    

Report Output

SPECTER CRYPT generates a signed CryptReport (SCR) aggregating all subsystem findings.

Report Schema

{
  "report_id": "SCR-a3f29b1c4e7d",
  "timestamp": "2026-05-13T14:22:11Z",
  "target": "./testenv/",
  "subsystems_run": ["recon","shadow","exfil","c2","ransom","encrypt","propagate"],
  "findings": [...],
  "severity": "CRITICAL",
  "mitre_attack_ttps": ["T1486","T1490","T1041","T1570","T1550.002","T1566"],
  "mitre_atlas_ttps": ["AML.T0051","AML.T0043","AML.T0056","AML.T0048","AML.T0040"],
  "owasp_llm": ["LLM01","LLM02","LLM06","LLM08","LLM09"],
  "evidence_chain_hash": "sha256:...",
  "ed25519_signature": "...",
  "artefacts": ["recon_manifest.json","exfil_stage.tar.gz.enc","c2_pcap.pcap","ransom.txt","escrow.key.enc"]
}
    

Requirements

Core (always required) Python 3.10+, cryptography, impacket, httpx, pynacl, pypcapfile

C2 Channels openai, anthropic, google-generativeai (provider-dependent)

INJECT Tier Valid UNLEASHED Ed25519 key in SPECTER_PRIVATE_KEY env var

DESTROY Tier --override --confirm-destroy flags + UNLEASHED key (dual-sign)

$ pip install red-specter-specter-crypt
# With all C2 provider dependencies:
$ pip install "red-specter-specter-crypt[all]"
    

Standards Coverage

MITRE ATT&CK TTPs

T1486 — Data Encrypted for Impact (ENCRYPT subsystem)
T1490 — Inhibit System Recovery (SHADOW — VSS destruction)
T1041 — Exfiltration Over C2 Channel (EXFIL + C2 combined)
T1570 — Lateral Tool Transfer (PROPAGATE psexec deployment)
T1550.002 — Pass the Hash (PROPAGATE pth method)
T1566 — Phishing / Social Engineering (RANSOM note delivery)

MITRE ATLAS TTPs

AML.T0051 — LLM Prompt Injection (C2 base64_json channel embedding)
AML.T0043 — Craft Adversarial Data (AI ransom note generation)
AML.T0056 — LLM Jailbreak (C2 channel evasion techniques)
AML.T0048 — External Harms (double extortion victim impact)
AML.T0040 — Supply Chain Compromise (lateral propagation vector)

OWASP LLM Top 10

LLM01 — Prompt Injection (C2 base64_json channel)
LLM02 — Insecure Output Handling (AI-generated ransom note content)
LLM06 — Excessive Agency (autonomous propagation actions)
LLM08 — Vector & Embedding Weaknesses (whitespace stego channel)
LLM09 — Misinformation (AI-generated extortion and social engineering)

UNLEASHED

SPECTER CRYPT uses the standard NIGHTFALL three-tier UNLEASHED gate enforced by Ed25519 signature verification.

OPEN — RECON, REPORT. No flags required. No key required.
INJECT — SHADOW, EXFIL, C2, RANSOM. Requires --override and valid UNLEASHED key in SPECTER_PRIVATE_KEY environment variable.
DESTROY — ENCRYPT, PROPAGATE. Requires --override --confirm-destroy and UNLEASHED key. Dual-sign enforced: both flags must be present and key must verify.

# Set UNLEASHED key for INJECT/DESTROY operations:
$ export SPECTER_PRIVATE_KEY=$(cat /path/to/unleashed.key)

# INJECT tier — shadow copy destruction simulation:
$ specter-crypt shadow --override

# DESTROY tier — real AES-256-CBC encryption:
$ specter-crypt encrypt --override --confirm-destroy --target ./testenv/
    

Disclaimer

AUTHORISED USE ONLY. SPECTER CRYPT is designed exclusively for authorised red-team exercises, penetration testing engagements, and ransomware defence validation in isolated test environments. The ENCRYPT subsystem performs real AES-256-CBC file encryption — always run against dedicated test environments with verified backups and full system snapshots. Use against production systems, unauthorised hosts, or without explicit written permission from the system owner is illegal and strictly prohibited. Unauthorised use may violate Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation globally. SPECTER CRYPT is restricted to licensed operators with verified UNLEASHED credentials. Apache License 2.0 — use subject to Red Specter authorised operator agreement.