{"id":158142,"date":"2023-02-15T20:25:20","date_gmt":"2023-02-16T02:25:20","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/02\/hackers-start-using-havoc-post-exploitation-framework-in-attacks"},"modified":"2023-02-15T20:25:20","modified_gmt":"2023-02-16T02:25:20","slug":"hackers-start-using-havoc-post-exploitation-framework-in-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/02\/hackers-start-using-havoc-post-exploitation-framework-in-attacks","title":{"rendered":"Hackers start using Havoc post-exploitation framework in attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-start-using-havoc-post-exploitation-framework-in-attacks2.jpg\"><\/a><\/p>\n<p>Security researchers are seeing threat actors switching to a new and open-source command and control (C2) framework known as Havoc as an alternative to paid options such as Cobalt Strike and Brute Ratel.<\/p>\n<p>Among its most interesting capabilities, <a href=\"https:\/\/github.com\/HavocFramework\/Havoc\" target=\"_blank\" rel=\"nofollow noopener\">Havoc<\/a> is cross-platform and it bypasses Microsoft Defender on up-to-date Windows 11 devices using sleep obfuscation, return address stack spoofing, and indirect syscalls.<\/p>\n<p>Like other exploitation kits, Havoc includes a wide variety of modules allowing pen testers (and hackers) to perform various tasks on exploited devices, including executing commands, managing processes, downloading additional payloads, manipulating Windows tokens, and executing shellcode.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers are seeing threat actors switching to a new and open-source command and control (C2) framework known as Havoc as an alternative to paid options such as Cobalt Strike and Brute Ratel. Among its most interesting capabilities, Havoc is cross-platform and it bypasses Microsoft Defender on up-to-date Windows 11 devices using sleep obfuscation, return [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-158142","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/158142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=158142"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/158142\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=158142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=158142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=158142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}