pip install red-specter-screamer
The machine is dark. The screen is lying. The mind is deceived.
The weakest link in incident response isn't the SIEM. It's the human watching the screen. SCREAMER attacks the display layer — framebuffers, terminal output, dashboards, GUI elements — and makes the operator see exactly what the attacker wants them to see during the critical window.
Security dashboards that show green are trusted. SCREAMER can falsify real-time dashboard data — suppress real alerts, inject fake healthy metrics, and make the SOC believe the system is clean while the breach progresses.
Operators trust their terminal. SCREAMER injects ANSI escape sequences, poisons terminal buffers, and falsifies log output to hide malicious activity. The tail -f shows nothing while the exfil runs.
When an incident responder screenshots evidence, SCREAMER can manipulate what gets captured. Screenshot manipulation produces clean forensic captures even when the system is compromised. Evidence integrity collapses.
Framebuffer corruption that looks like a failing GPU creates cognitive noise. The operator's first reaction is hardware fault, not attack. SCREAMER buys time by making the disruption look like a mundane technical problem.
Application-level display manipulation gets cleared on restart. SCREAMER's persistence layer operates at GPU driver level and UEFI framebuffer depth — corruption reappears before the OS loads, before any defensive tooling initialises.
SCREAMER is designed to execute at the worst possible moment. Timed attacks that corrupt screens during active incident response. Progressive corruption that escalates while the responder tries to understand what they're looking at.
Each category targets a different layer of the display and operator stack. Deployed individually or chained for maximum simultaneous impact with PHANTOM KILL and SPECTER SOCIAL.
Direct attacks on GPU and display memory. Linux /dev/fb0 writes, Windows GDI surface manipulation, DirectX injection, GPU VRAM corruption via rowhammer. Text decays character by character. Numbers fall apart across the screen.
Intercept what gets drawn before the human sees it. Shader exploitation, render queue manipulation, display protocol injection, font subsystem corruption. Text deconstructs at the rendering engine level.
Corrupt CLI output and log displays. ANSI escape sequence injection, terminal buffer poisoning, log output falsification — show clean logs while hiding malicious activity. Shell prompt injection. stdout/stderr interception.
Make dashboards show false data. Security dashboard falsification — show green while the system burns. Alert suppression. Metric manipulation. Clipboard poisoning. Screenshot manipulation — captured evidence shows a clean system.
Timed psychological disruption. Corrupt screens at the critical moment of incident response. Disrupt forensic analysis. Progressive corruption — start subtle, escalate to full meltdown. Recovery loop — corruption reappears after operator fixes it.
Attacks that survive application restarts. GPU driver-level persistence. Boot splash injection — corruption appears before the OS loads. UEFI framebuffer poisoning chains with PHANTOM KILL BOOTKILL. Monitor firmware attack via DDC/CI protocol.
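A defensive counterpart to the terminal-layer technique described above (ANSI escape sequence injection and log output falsification). This is an added example, not part of SCREAMER and not Red Specter's code: it scans log lines before they reach a terminal, flags sequences that alter the display rather than just colour it, and renders them inert. The function names and sample log lines are constructed for illustration.

```python
import re

# Matches CSI (ESC [ ... final), OSC (ESC ] ... BEL or ESC \) and 2-byte ESC sequences.
ESCAPE_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[@-Z\\-_]"
)
# C0 controls except tab: \r and \b let later text overwrite earlier text on screen.
CONTROL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")

def classify(seq):
    """SGR (ESC [ ... m) only changes colour/style; anything else can move or erase."""
    return "style" if seq.startswith("\x1b[") and seq.endswith("m") else "display-altering"

def inspect_line(line):
    """Return (safe_text, findings) for one log line with its newline already stripped."""
    findings = []
    def drop(m):
        findings.append((classify(m.group()), repr(m.group())))
        return ""
    def show(m):
        findings.append(("control-char", repr(m.group())))
        return "\\x%02x" % ord(m.group())  # render visibly instead of letting the terminal act on it
    safe = CONTROL_RE.sub(show, ESCAPE_RE.sub(drop, line))
    return safe, findings

def suspicious(findings):
    """True when a line contains anything beyond plain colour/style codes."""
    return any(kind != "style" for kind, _ in findings)

# Constructed sample lines (not captured from any real system).
SAMPLE = [
    "2024-01-01T10:00:00Z sshd[411]: Accepted publickey for deploy",
    "2024-01-01T10:00:01Z app: \x1b[32mOK\x1b[0m healthcheck passed",
    "2024-01-01T10:00:02Z backup: job=nightly status=failed\x1b[2K\rstatus=ok",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        safe, findings = inspect_line(raw)
        print("ALERT" if suspicious(findings) else "ok   ", safe, findings)
```

Viewing logs through a filter like this (or with a pager that does not pass raw control characters through) means the analyst reads the bytes that were written, not the terminal's interpretation of them.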
Safe. Reversible. Devastating to watch. Nothing gets security budget approved faster than watching a CISO's own screen melt during a briefing.
SCREAMER is the operator disruption layer. It operates in coordination with PHANTOM KILL (machine blindness) and SPECTER SOCIAL (mind compromise) as the full human compromise trinity.
Every framebuffer write, every ANSI injection, every render pipeline hook — written from scratch in pure Python and platform-native APIs. No subprocess calls. No third-party display manipulation libraries. Actual low-level engineering.
Red Specter SCREAMER is intended for authorised security testing and red team engagements only. Unauthorised use against systems you do not own or have explicit permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Always obtain written authorisation before conducting any security assessments. Apache License 2.0.