NeonPayload
Posted November 19, 2022

Hey everyone, I saw a lot of threads on Havoc on Twitter, however I wanted to get your opinions. It's still in development and looks to be an open source Cobalt Strike.

https://github.com/HavocFramework/Havoc

hyperreality
Posted November 29, 2022 (edited)

I had a look after you posted this and found a fairly serious vulnerability in the service authentication mechanism. The author was good to talk to and already fixed the bug.

From my quick review of the codebase, it's in a very early release stage, so I wouldn't use it for anything except playing around with locally yet. For instance, it has default credentials and binds to all interfaces by default, so merely running it on a public server could get you pwned.

Edited November 29, 2022 by hyperreality

NeonPayload
Posted December 2, 2022

Yeah, I didn't think it would actually be used in a pentest engagement, but I've seen a lot of people make videos and talk about it.

random
Posted Saturday at 02:37 AM

Late to the party.

The author of the tool is a teenager, pretty cool project I must say. It has the potential of becoming a go-to open source C2.