
Traveler

active · Version 1.0 · Owner: MainDavis · Updated: Feb 10, 2026
Tags: red-team · windows · wsl2 · loader · nim

Overview

Traveler is a cross-OS fileless loader built for labs and authorized Red Team operations. It leverages internal virtualization channels (AF_VSOCK / Hyper-V) to move encrypted shellcode from a Linux/WSL2 environment directly into Windows host memory, avoiding disk artifacts and reducing exposure on traditional network paths.

This arsenal documentation summarizes architecture, operational flow, and OPSEC notes. It does not introduce new offensive techniques and is not intended for use outside controlled environments.

Scope

  • Windows 10/11 environments with WSL2 / Hyper-V enabled.
  • Scenarios where the operator controls both the Linux guest and the Windows host.
  • Experiments around fileless chains and hypervisor-backed channels.

Quick summary

  • Leymano → AF_VSOCK → Anchor end-to-end in memory.
  • Lightweight per-session XOR encryption before sending the payload.
  • RW reception, in-place decryption, and late switch to RX.
  • Indirect execution via API callback (EnumSystemLocalesA).
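Seen from the host side, the chain summarized above leaves three observable stages in one process: a Hyper-V socket, a private region flipped from RW to RX, and a callback API handed a pointer into that region. The following defender-side correlation is an added example, not code from the Traveler repository; the event schema, field names, and sample events are hypothetical and constructed for illustration.

```python
# Constructed telemetry; the event schema and field names are hypothetical,
# not the output format of any real EDR or ETW provider.
SAMPLE_EVENTS = [
    {"pid": 4120, "event": "hv_socket_open"},
    {"pid": 4120, "event": "mem_alloc", "base": 0x1F0000, "size": 0x4000, "prot": "RW"},
    {"pid": 4120, "event": "mem_protect", "base": 0x1F0000, "prot": "RX"},
    {"pid": 4120, "event": "api_callback", "api": "EnumSystemLocalesA", "callback": 0x1F0010},
    {"pid": 5200, "event": "mem_alloc", "base": 0x300000, "size": 0x1000, "prot": "RW"},
    {"pid": 5200, "event": "mem_protect", "base": 0x300000, "prot": "RX"},  # JIT-like, no socket
    {"pid": 6300, "event": "hv_socket_open"},  # Hyper-V socket only, no memory flip
]

CALLBACK_APIS = {"EnumSystemLocalesA"}  # the callback API named on this page


def correlate(events):
    """Return {pid: [stages]} for processes that show all three stages."""
    state = {}
    for ev in events:
        st = state.setdefault(ev["pid"], {"sock": False, "rw": {}, "rx": {}, "hit": False})
        kind = ev["event"]
        if kind == "hv_socket_open":
            st["sock"] = True
        elif kind == "mem_alloc" and ev["prot"] == "RW":
            st["rw"][ev["base"]] = ev["size"]
        elif kind == "mem_protect" and ev["prot"] == "RX" and ev["base"] in st["rw"]:
            # Region was filled as data first, then made executable.
            st["rx"][ev["base"]] = st["rw"].pop(ev["base"])
        elif kind == "api_callback" and ev["api"] in CALLBACK_APIS:
            # Callback pointer that lands inside a flipped private region.
            st["hit"] |= any(b <= ev["callback"] < b + s for b, s in st["rx"].items())
    findings = {}
    for pid, st in state.items():
        checks = (("hv_socket", st["sock"]),
                  ("rw_to_rx", bool(st["rx"])),
                  ("callback_in_flipped_region", st["hit"]))
        stages = [name for name, ok in checks if ok]
        if len(stages) == len(checks):  # alert only on the full chain
            findings[pid] = stages
    return findings


if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Requiring all three stages keeps JIT-style RW to RX flips and ordinary Hyper-V socket users, each benign on its own, out of the findings.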

Repository

Official repository: https://github.com/MainDavis/Traveler
