Research
Necromancer Labs conducts ongoing security research. Here you will find our open source research papers and disclosures. For non-disclosed research inquiries, please contact us.
2025
| Area | Title | Date |
|---|---|---|
| OSINT | GOst in the Protocol | May 19, 2025 |
GOst in the Protocol: Hunting Ligolo with JARM Fingerprinting in the wild May 17, 2025 Super TL;DR: You can git clone Ligolo and connect to Ligolo redirection proxies on the Internet. We have 3 JARM signatures to search for them, one is identical to Sliver C2 (default Go TLS is very signaturable). We created a custom ligolo agent that can verify if a server is a Ligolo proxy. We do not advise you check-in as an agent to foreign Ligolo redirection servers. They are probably APTs or threat actors. ...