Threat actors are becoming more interested in Sliver, a legal command-and-control (C2) framework that has emerged as an open source substitute for Cobalt Strike and Metasploit. The research was conducted by Cybereason, which last week released a thorough investigation of its internal operations. Sliver is a cross-platform post-exploitation framework built on Golang and created by cybersecurity startup BishopFox for use by security experts in red team operations. Its numerous adversary simulation features, including as dynamic code creation, in-memory payload execution, and process injection, have also made it a desirable tool for threat actors trying to quickly obtain access to the target system.