In this stream we continued analyzing the Havoc Command and Control (C2) framework payloads. We finished recovering the Havoc configuration structure, wrote Binary Ninja automation to extract it from Havoc payloads, and wrote a Yara rule to identify further payloads using the Yara search on unpac.me (@OALABS).
Training: https://training.invokere.com/course/imbtbn
Notes: https://github.com/Invoke-RE/stream-notes/tree/main/red-team
Twitch: https://www.twitch.tv/InvokeReversing
Twitter: https://twitter.com/InvokeReversing
Mastodon: https://infosec.exchange/@invokereversing
0:00 Introduction & Recap of Previous Work
3:52 Markup Automation for Hash Resolution Functions
9:24 Manual Havoc Struct Markups
29:11 Automating Configuration Struct Parsing
42:03 Yara to Find More Havoc Samples on Unpac.Me
59:16 Automating Config Function Identification
1:17:06 Outro