Feb 15, 2023

Hackers start using Havoc post-exploitation framework in attacks

Posted by in category: security

Security researchers are seeing threat actors switching to a new and open-source command and control (C2) framework known as Havoc as an alternative to paid options such as Cobalt Strike and Brute Ratel.

Among its most interesting capabilities, Havoc is cross-platform and it bypasses Microsoft Defender on up-to-date Windows 11 devices using sleep obfuscation, return address stack spoofing, and indirect syscalls.

Like other exploitation kits, Havoc includes a wide variety of modules allowing pen testers (and hackers) to perform various tasks on exploited devices, including executing commands, managing processes, downloading additional payloads, manipulating Windows tokens, and executing shellcode.

Comments are closed.