Java Universal Agent

A Java shellcode agent that can be used as a post-exploitation module. It can be injected into a JVM or be run as a standalone binary using Java Launch4J.

The Java Universal Agent is a flexible post-exploitation component within Control Pack designed to operate directly inside Java environments. It can run as a standalone agent or be dynamically injected into an already running Java application, allowing it to function within a live JVM without requiring a restart or any modification to the target application. This makes it particularly useful in environments where stability and stealth are important.

Once active, the agent is capable of discovering other Java processes running on the same system and interacting with them at runtime. Through JVM enumeration and runtime attach techniques, the agent can pivot between Java processes in memory, effectively migrating its execution context without writing additional artifacts to disk. This enables advanced lateral movement inside Java-heavy environments such as application servers, middleware platforms, and enterprise services.

In addition to its injection and migration capabilities, the Java Universal Agent provides standard C2 functionality, enabling interaction with the compromised environment. This includes maintaining communication with the operator, executing tasks within the JVM context, and supporting complex post-exploitation workflows where persistence inside Java processes is required.