I released another video demonstration!
This time I am demonstrating the stack spoofing capabilities, especially CET compliance and being able to migrate into an CET enabled process such as Microsoft Edge (or any Chromium based browser with CET support) and retrieving credentials and cookies via cookie-monster BOF
There is no illegal activity, Havoc Professional is a registered dual-use product and regulated under the EU001 Export Control List
YouTube Link below🔗
Another small demonstration video is online!
In this demonstration we are going to cover the vm-filesystem project which utilizes the Firebeam Virtual Machine to interact with the target filesystem and monkey patch python methods which the File Browser uses to interact with the agent.
YouTube and Github Link below🔗
I have released another video about Havoc Professional!
This video is demonstrating the "Fallback Listeners" capability which allows the operator to embed additional listener configurations into the implant in case the primary or secondary listener fails.
Link below🔗
I release a short demonstration of the Kaine Extension System, allowing the operator to fully configure what features and evasion capabilities the agent should have and contain.
youtube.com/watch?v=a8YZPl…
One of the questions I have received a lot of times and was important to me was making Havoc agnostic to external services such as for reporting, logs and more. With this being said it is really easy to write components for both the backend, frontend (client), and for the agents within Havoc Professional. Plugins to ingest events and logs into reporting toolings such as Ghostwriter is trivial!
Demonstrating that Red Teams can write their own plugin components to properly embed Havoc into the infrastructure and workflow.
I never mentioned Havoc Pro has its own only APIs. I ensured existing BOFs run out-of-the-box without operators needing more than a single script at most. If I add my own APIs, they’ll be alongside CS APIs so customers aren’t forced to adapt or waste time. My priority is preventing operators from doing unnecessary R&D, so Havoc supports all CS APIs. This isn’t about ToS otherwise Outflank and Nighthawk couldn’t use CS APIs either. When a framework refuses CS API support, it’s usually ego, leaving customers to struggle instead of providing at least minimal compatibility. All CS, TrustedSec, and Outflank BOFs work unmodified on Havoc :)
Introducing Havoc Professional: A Lethal Presence
We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth!
infinitycurve.org/blog/introduct…
27 Followers 1K Followingleftist cat dad. finishing undergrad. transitioning from psych/neuro to cyber/systems. working on building things in rust and HTB modules. new to homelabs.
244 Followers 1K Following#1 Player @SecDim https://t.co/c05WbjSF8H
Senior Pentest & CTI @Transgrid_AU
@thehackerscrew1 CTF Player
https://t.co/jjo3voyn8F Pro Team Player