101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.

Server stats:

487
active users

#postexploitation

0 posts0 participants0 posts today

Sliver too mainstream? Cobalt Strike too patched? Say hello to Havoc.

@FortiGuardLabs just broke down a malicious Havoc C2 sample — and it’s bringing that open-source, post-exploitation energy with extra attitude.

Built for red teamers but abused by threat actors, this sample goes full dark mode:

  • Shellcode loader in C++
  • AES-encrypted payload
  • XOR junk code to slow reverse engineering
  • Dynamic API resolving
  • LOLBin delivery via regsvr32

It’s like someone asked: “What if malware devs went full GitHub?” (never go full GitHub)

🔗 Full breakdown:
fortinet.com/blog/threat-resea

TL;DR for blue teamers:

  • Havoc ≠ harmless just because it’s open source
  • Monitor regsvr32, rundll32, mshta — Havoc loves its LOLBins
  • Watch for process injection + thread creation anomalies
  • Memory analysis > file-based detection here
  • Don’t assume your EDR is catching every beacon on port 443

Is it threat emulation or a real attack?

— Blue teamer having a full-blown identity crisis at 2am

Shoutout to @xpzhang and team for their amazing work!