"Hackers Start Using Havoc Post-exploitation Framework in Attacks"

According to security researchers, threat actors are now using Havoc, an open-source command-and-control (C2) framework, as an alternative to paid options such as Cobalt Strike and Brute Ratel. Among its features are cross-platform support and the ability to evade Microsoft Defender on Windows 11 devices through sleep obfuscation, return address stack spoofing, and indirect syscalls. Similar to previous exploitation kits, Havoc includes various modules that enable pen testers (and hackers) to execute commands, manage processes, download additional payloads, manipulate Windows tokens, and execute shellcode. This article continues to discuss threat actors switching to Havoc, a new open-source C2 framework, as an alternative to paid options.

Bleeping Computer reports "Hackers Start Using Havoc Post-exploitation Framework in Attacks"
