HackerOne

Target:

PoC:

Your browser does not support the video tag. Summary Havoc C2 is a modern and malleable post-exploitation command and control framework targetting windows systems utilized by red teamers and threat actors alike. While auditing the codebase, I was able to discover a vulnerability in which unauthenticated attackers could create a TCP socket on the teamserver with an arbitrary IP/port, and read and write traffic through the socket.

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration - edoardottt/scilla

All about Eldorado Ransomware and how its affiliates make their own samples for distribution.