Usage of the Havoc C2 Framework
10/28/2023: This will be a continuation of the “Building an External Pentest Lab ft. Havoc” post which can be found here if you do not have a lab setup yet. This post will go over some of the config files for Havoc as well as the basic usage of payloads and listeners. At this point we have our…
Dropper Redirection
I have been breaking my brain the last few weeks attempting to learn how to evade EDR and various anti-virus mechanisms with the Havoc C2 agent, but that is still a work in progress. Today I wanted to take a step back from the bytes that make up the agent and look at my delivery mechanism…
Defender Evasion
As with most C2 frameworks, when Havoc first came out the payload was considered FUD (fully undetectable), at least for Windows Defender. As with any new piece of malware, as time goes on AV vendors learn about new tools and write detections for them. At the time of this writing the default Havoc payload will…
Building an External Pentest Lab ft. Havoc
10/24/2023: One thing that has commonly stuck out to me about most of the pentest labs that you see online is that they often consist of a Kali machine on the same network as the target machines. This setup is great for testing out new exploits and practicing techniques such as Kerberoasting. However, my goal…
A Brief Trip to the Skies
3/23/2024: A short investigation into Entra Enterprise Applications. I have recently seen several cases where users have either (a) had their email compromised and then registered an application, or (b) registered an application that was provided via a phishing email. I wanted to understand why the registration would be useful from an attacker perspective.…