# Kharon Agent - Overview

* **HTTP/S Listener**
  * Proxy settings
  * SSL
  * Malleable profile
* **KillDate and WorkingTime control**
* **Reverse port forwarding support**
* **Socks5 Proxy**
* **Sleep Obfuscation** (timer)
* **Heap Obfuscation**
* **Token Manipulation**
* **Process Explorer**
* **File Explorer**
* **Fork with spawn and explicit method**
* **Stack Spoofing + Indirect Syscall**
* **BOF API Proxy to proxy bof api execution to Stack Spoof + Indirect**
* **BOF in-memory execution**
* **Shellcode injection**
* **PowerShell with script execution + AMSI/ETW bypass**
* **Behavior control**
  * HTTP: callback host, user-agent, and proxy
  * Syscall control (spoof + indirect, spoof only, none)
  * Mask beacon
  * Mask heap
  * BOF Proxy
  * Working time
  * Killdate (exit / self-delete / date)
  * Injection technique (standard / stomping)
  * Allocation method (standard / APC)
  * Fork named pipe
  * Spawnto
  * AMSI/ETW bypass
  * BlockDLLs policy
  * Argument to spoof
  * PPID (parent process ID)
  * Sleep
  * Jitter