NeonPayload Posted November 19, 2022
Hey Everyone, I saw a lot of threads on Havoc on Twitter; however, I wanted to get your opinions. It's still in development and looks to be an open source Cobalt Strike. https://github.com/HavocFramework/Havoc
hyperreality Posted November 29, 2022 (edited)
I had a look after you posted this and found a fairly serious vulnerability in the service authentication mechanism. The author was good to talk to and already fixed the bug. From my quick review of the codebase, it's in a very early release stage so I wouldn't use it for anything except playing around with locally yet. For instance it has default credentials and binds to all interfaces by default, so merely running it on a public server could get you pwned.
NeonPayload (Author) Posted December 2, 2022
Yeah, I didn't think it would actually be used in a pentest engagement, but I've seen a lot of people make videos and talk about it.
random Posted March 25
Late to the party. The author of the tool is a teenager; pretty cool project, I must say. It has the potential of becoming a go-to open source C2.