HAVOC C2 - Demon Bypasses Windows 11 Defender

  Рет қаралды 152,784

John Hammond

John Hammond

Күн бұрын

Пікірлер: 208
@C5pider
@C5pider 2 жыл бұрын
Thank you so much for checking out the Havoc Framework !!!!
@angryman9333
@angryman9333 2 жыл бұрын
Appreciate the havoc, 5pider
@AdverierialResearch
@AdverierialResearch 2 жыл бұрын
You are doing a great job MAN.
@C5pider
@C5pider 2 жыл бұрын
@@AdverierialResearch Thanks ^^
@Jango1989
@Jango1989 2 жыл бұрын
Looks like a great start! I hope people in the community help you flesh it out more.
@C5pider
@C5pider 2 жыл бұрын
@@Jango1989 I hope too. Thanks to John more people are going to check it out, report issues/bugs, request some cool features and maybe a few PRs here and there.
@emby3885
@emby3885 2 жыл бұрын
Whenever I look into some new topic you magically seem to make a video on it right after, nice!
@elisehackmann-tf6xg
@elisehackmann-tf6xg Жыл бұрын
Damn i love the way you explore the new programs, how you navigate, how you research and how you do your trial and error. I love to see more!!
@AndrewSherd
@AndrewSherd 2 жыл бұрын
great video John! suggestion for the next video like this - keep Defender with default settings "on" to create a little challenge. Disabling almost all protection except basic RTP is not true bypass and like selecting "I'm too young to die" difficulty level :)
@OPCC2
@OPCC2 2 жыл бұрын
then you have to write a stager
@trustedsecurity6039
@trustedsecurity6039 2 жыл бұрын
@@OPCC2 you can do without a stager and it is even better to do without it. A loader yeah
@SaltyBalsZ
@SaltyBalsZ 2 жыл бұрын
@23:28 Worth to note that Windows Defender is almost worthless without cloud protection turned on.. So is Malware bytes, BitDefender, Kaspersky, Sophos and most AV applications. Patching the OS does not automatically update Win Defender's IoC's and rule sets to detect malware or suspicious behaviour
@Snowwolfow
@Snowwolfow 8 ай бұрын
Kaspersky would Maybe block it
@SaltyBalsZ
@SaltyBalsZ 8 ай бұрын
@@Snowwolfow That's why I use Kaspersky 👍 Best there is
@ishanchoudhary4555
@ishanchoudhary4555 2 жыл бұрын
First video I have seen where the defender failed lmao. Crazy framework, cool video. Ty C5pider
@anthonyjirouschek
@anthonyjirouschek 2 жыл бұрын
18 and creating this, this guys going places!
@C5pider
@C5pider 2 жыл бұрын
lol
@bannanas117
@bannanas117 2 жыл бұрын
@@C5pider Nice GUI. I see similarities to Cobalt Strike. Always cool to see another c2 framework out there thats open source. Nice work man
@C5pider
@C5pider 2 жыл бұрын
@@bannanas117 I really tried to make similar to Cobalt Strike since I wanted to avoid confusion. I didn't wanted people to learn a new UI and personally love Cobalt Strike
@swarooprajpurohit110
@swarooprajpurohit110 2 жыл бұрын
@@C5pider man you're amazing, I'm 22 and nowhere close to what you've done. I'm learning and thanks to guys like you who keep the FLOSS philosophy alive. I hope I can meet you someday. :)
@MaryOliveira-xi7cg
@MaryOliveira-xi7cg Жыл бұрын
@@C5pider Why do my connections become unresponsive and I can't do anything with the connection?
@xAngryDx
@xAngryDx 2 жыл бұрын
Thank you John, appreciate your content 🙂
@KeyserSoze407
@KeyserSoze407 8 ай бұрын
I'm a huge fan of your videos man. Only thing I don't understand is you show that it's a complete up-to-date machine and you have defender enabled, but you have many things disabled including tamper detection? Am I wrong or aren't most people trying to learn how to *get around* windows anti-virus. Either way you're the man. Just don't understand unless you expect everyone viewing to know you have to do way more to get through windows AV. ?
@anounTT
@anounTT Жыл бұрын
You should make a video going over your VM's. I am interested in how that is setup and how much space is typically required to have a VM setup like that.
@ITSecurityLabs
@ITSecurityLabs 2 жыл бұрын
I know what i am doing tonight! I will try to check some of the logs in security onion with wazuh and sysmon and see what we can add for detection
@C5pider
@C5pider 2 жыл бұрын
Sounds amazing.
@lordvoldemort7692
@lordvoldemort7692 2 жыл бұрын
Thanks for the content , now your getting close and close to the real malware world
@CU.SpaceCowboy
@CU.SpaceCowboy 8 ай бұрын
the framework itself is always more important IMO than the client itself because most people are going to end up heavily modding it anyways to avoid getting signatured. for cs beacon ill rewrite the same function differently and add do random math operations or sleeps. if ur gnarly then change how it communicates to c2 maybe. great vid as usual brother 👍
@SkeeterPondRC
@SkeeterPondRC 2 жыл бұрын
Awesome. Im going to test this in my environment... Maybe in one of my internal phishing campaigns (evil laugh)
@thefunnychannel647
@thefunnychannel647 2 жыл бұрын
Hi John Great video. Just to let you know that it's the team server in the image with the two systems.
@tea_otomo
@tea_otomo 2 жыл бұрын
22:18 tbf defender is waaaayyy worse without cloud protection.
@diegodejesus9668
@diegodejesus9668 4 ай бұрын
I find it impressive to see these types of tools so powerful, and then you see the description of the repository saying "made just for fun" lol
@jjaybeeze6077
@jjaybeeze6077 2 жыл бұрын
totally awesome man!
@flobow8446
@flobow8446 2 жыл бұрын
You would need to fix the broken dependency causing apt to throw error, then the scripts will probably work. Maybe just a clean of apt would have done the trick :)
@mahfoudhifatma6144
@mahfoudhifatma6144 2 жыл бұрын
Thank you john!
@RVTKZCE
@RVTKZCE 2 жыл бұрын
Is that payload still would be undetected with cloud scanning feature on ? If no, what's the point of showing this ?
@U3mi436
@U3mi436 2 жыл бұрын
Hi John, I really appreciate your content and it’s really fun to watch. Just curious have you tested this also with Defender for Endpoint if it still remains undetected? Best regards Tim
@GarrysSketch
@GarrysSketch 2 жыл бұрын
Defender for Endpoint does detect it.
@kindwords80
@kindwords80 2 жыл бұрын
Really really wonderful. Wish i can be your student directly.
@teknixstuff
@teknixstuff 2 жыл бұрын
12:10 Hashicorp makes terraform!
@RobertD.Larrabee
@RobertD.Larrabee 2 ай бұрын
Thank you so much
@Rekalibrovka
@Rekalibrovka 2 жыл бұрын
Hello sir! Thank you for great content! Please add a pop filter to your mic...
@never_unsealed
@never_unsealed 2 жыл бұрын
Windows Defender with cloud protection disabled is pretty useless. It won't even detect even basic malware techniques.
@thebaldguy458
@thebaldguy458 2 жыл бұрын
I love this channel Great job 👍 👌
@CQURB4
@CQURB4 2 жыл бұрын
John You need to update repository before installing programs. That easy fix
@cirklare
@cirklare 2 жыл бұрын
Basically he made his undetectable metasploit
@johntoes1260
@johntoes1260 Жыл бұрын
This is interesting no lie
@shahil1867
@shahil1867 Жыл бұрын
15:44 Star platinum (JoJo reference)
@master_sam7227
@master_sam7227 2 жыл бұрын
Cool! Say pls, what laptot you use?
@0xtaffy652
@0xtaffy652 2 жыл бұрын
Going to definetly be setting this up in the lab to mess around with
@pppp9459
@pppp9459 2 жыл бұрын
John which laptop do you recommend for hacking?
@MaryOliveira-xi7cg
@MaryOliveira-xi7cg Жыл бұрын
Why do my connections become unresponsive and I can't do anything with the connection?
@MygenteTV
@MygenteTV Жыл бұрын
you are the reason im so into cyber security now thank you. bro can you please show us how you would maintain connection to a server once is hacked? I'm doing the oscp but they don't teach you that and I was asked this twice in job interviews.
@MrBigMoneyMan909
@MrBigMoneyMan909 Жыл бұрын
Establish persistence by writing to the registry key HKLM\Software\\Microsoft\Windows\CurrentVersion\Run to start a service which launches the daemon for your post exploitation C2 server on boot. That ensures you maintain a connection to the server that survives a reboot. You can also do the same thing to survive being manually killed since the registry will just restart it in the background, you would just need to find out what key needs to be written to.
@googleisbad
@googleisbad 2 жыл бұрын
Wow that looks amazing I wonder if windows 10 would catch it
@C5pider
@C5pider 2 жыл бұрын
For now it doesn't since it never saw an implant like this.
@googleisbad
@googleisbad 2 жыл бұрын
@@C5pider quick question about how u made this: do you have to master all programming languages used and also its great your replying to all these comments what a legend.
@C5pider
@C5pider 2 жыл бұрын
@@googleisbad I do mater all programming languages. I just know C/C++ very well and golang
@dazai6861
@dazai6861 2 жыл бұрын
i tried it on win 10 seems not working unfortunately
@icebice
@icebice 2 жыл бұрын
Is it persistent? I noticed it hides in calc.exe in this case, what if the user would reboot :P?
@hoodietramp
@hoodietramp 2 жыл бұрын
This really was a havoc🎸
@romeliochirino2217
@romeliochirino2217 2 жыл бұрын
what do you use for screen recording?
@TuyenTran-qj9wg
@TuyenTran-qj9wg Жыл бұрын
i cant install python 3.10 it said that: E: Unable to locate package python3.10 E: Couldn't find any package by glob 'python3.10' E: Unable to locate package python3.10-dev E: Couldn't find any package by glob 'python3.10-dev' what can i do now :((
@gamesstatusglerygames6864
@gamesstatusglerygames6864 2 жыл бұрын
It really works Im shocked
@JamiuKehinde-yn7uz
@JamiuKehinde-yn7uz Жыл бұрын
Plz how can I get the cookies and keyloaggers section from the client ?
@PetritK10
@PetritK10 Жыл бұрын
which C2 framework you use in your Job as Professional
@IndiTechNexus
@IndiTechNexus 2 жыл бұрын
ha...... John Hammond i am big fan for your video. i am see your video last 2 years. i am from India. john can create video from "how to use snyk and what is best scanner for find bug any web application
@saxa1
@saxa1 2 жыл бұрын
You earned my sub ;)
@Bloodzeus_
@Bloodzeus_ Жыл бұрын
would have been interesting to see the VT results of that exe, see what other vendors block
@rizkysays
@rizkysays Жыл бұрын
How to bypass UAC Windows on victime machine with this C2?
@СвабодаМиша
@СвабодаМиша 2 жыл бұрын
does this works on WAN? If yes, how to configure it?
@n-i-n-o
@n-i-n-o 2 жыл бұрын
Why not with enabled cloud protection?
@RemainZStudio
@RemainZStudio Жыл бұрын
o dear johm.. john ... john... we know that windows is not fully running security, if you turn on Application Guard which is part of defender its going to check the .exe file and also what source it comes from which in your case is "UP DOG" defender knows what you up to it will not allow the .exe to save and run it, hey i know this is your bread and butter but.... please do it in a correct configured enviroment or say at least " this is a home setup and not a enterprise setup " don't BS people.... we all know this will not run
2 жыл бұрын
using this and never lagging
@nilesh.mohekar
@nilesh.mohekar 2 жыл бұрын
Did you have to have calc.exe running already in order to inject the code?
@ryanhoole4227
@ryanhoole4227 2 жыл бұрын
I am not getting the payload to run, assuming the same for you.
@ryanhoole4227
@ryanhoole4227 2 жыл бұрын
Oh... I forgot I am also on ARM lol...
@tigreonice2339
@tigreonice2339 2 жыл бұрын
Is the same on win 7 and win 8.1? Or they have better defense nowadays? XD
@sendlocation8476
@sendlocation8476 8 ай бұрын
I’m new to all of this. Why does Linux and GitHub make it so nerdy to install something? Like you have to type so many commands? Why wouldn’t they just make a packet installer gui and just click and it install everything? Is this a Linux user thing where they make everything seem longer than expected? Sorry for my ignorance but someone like to make me understand…..
@captainkatz1775
@captainkatz1775 2 жыл бұрын
HANDS UP GIVE ME THE KNOWLEDGE 🔫
@Chris-zc9bp
@Chris-zc9bp Жыл бұрын
I have same problem when trying to install golang on Kali
@raymondfinkle4257
@raymondfinkle4257 2 жыл бұрын
Damn John. You losing weight? Lookin' slim.
@teigeebean1257
@teigeebean1257 2 жыл бұрын
I have malware too. I'm isolated to a terminal without an operating system, but have full backdoor access to the attackers entire file system.
@smartsalmon1
@smartsalmon1 2 жыл бұрын
What do you mean?
@teigeebean1257
@teigeebean1257 2 жыл бұрын
I think it's an extension of chaos, and also takes advantage of a lower level process like ebpf for kernel communication. There's scripts for different archs (i386, x86_64, arm64) and a bunch of different operating systems. As well as lists of program signatures, and expired licenses that they've setup to bypass security checks etc.
@teigeebean1257
@teigeebean1257 2 жыл бұрын
@@smartsalmon1 I'm inside a virtual interface of the attackers 'recovery mode' on my system... They have compromised my entire network, but now can't tell the difference between my shell and one of theres. So I've been able to poke around discretely.
@smartsalmon1
@smartsalmon1 2 жыл бұрын
@@teigeebean1257 okay that's what I was confused on. And still am but it seems to just be beyond my knowledge base.
@amhokies
@amhokies 2 жыл бұрын
I'm almost certain this is entirely nonsense. This person has been watching too many "hacker" movies.
@NoONE-bk7ud
@NoONE-bk7ud 2 жыл бұрын
hey john, i'm a cybersecurity student and i learned how to use NMAP then i scan my home network then i found my SmartTv {LG} send traffic to 1111 port known as "lmsocialserver" so i searched in internet and i found that this port used by a Trojan virus that open a backdoor is this a bad boy or it's ok ?
@obtuseguru7259
@obtuseguru7259 2 жыл бұрын
yeah you are fucked, the chinese now have all your browsing history and porn. i recommend wiping all data selling the tv and start using only public wifi.
@c1ph3rpunk
@c1ph3rpunk 2 жыл бұрын
Devices use all sorts of ports for comms, there’s nothing governing what ports and app/device uses. As for the name, that’s not guaranteed either, if you’re using the “official” names then someone submitted to name it as “standard”. Is it bad? Who knows, it depends on what the device does, you’ll have to dig in and see what the traffic is doing and research it more. Smart devices do all manner of wild, wacky and stupid stuff, doesn’t make it “bad”. Could be for device discovery, remote control, telemetry gathering, who knows.
@NoONE-bk7ud
@NoONE-bk7ud 2 жыл бұрын
@@c1ph3rpunk ty :)
@JerryMichaels7
@JerryMichaels7 2 жыл бұрын
It looks terraform like cuz it is! :)
@C5pider
@C5pider 2 жыл бұрын
terraform is using the HCL parser which is written in go. Yaotl is a "fork" of HCL with some small modifications but its basically the same as terraform.
@georgehammond867
@georgehammond867 2 жыл бұрын
this very dangerous framework
@C5pider
@C5pider 2 жыл бұрын
LMAO if you know how to use it
@underscore.
@underscore. 2 жыл бұрын
havoc framework reminds me of the xposed framework lol
@C.Columbus
@C.Columbus 27 күн бұрын
Still works 1 year later
@seancantwell12
@seancantwell12 2 жыл бұрын
Why yo hair look different?? What you do?? I like
@logiciananimal
@logiciananimal 2 жыл бұрын
So, how much time until this is detected by Defender?
@C5pider
@C5pider 2 жыл бұрын
I give it a week or two. :P
@kevinvandeford5562
@kevinvandeford5562 Жыл бұрын
can I build this in Termux?
@infinix_6586
@infinix_6586 Жыл бұрын
IS THIS WORK OVER WAN...🤔
@Sonyboj
@Sonyboj 2 жыл бұрын
Defender is not fully on... it basically needs cloud protection and its also what is on by default. You are not testing real enviroment.
@Daniel2005D
@Daniel2005D Жыл бұрын
Thanks 4 ur video, this C2 not working to attack Linux Machines.
@novianindy887
@novianindy887 Жыл бұрын
can you do meterpreter payload with that?
@jebouijamel
@jebouijamel 2 жыл бұрын
the whole tNice tutorialng but then you have a solid foundation.
@GenevieveTibona
@GenevieveTibona 7 ай бұрын
Thank but now is not work
@gtdt5666
@gtdt5666 2 жыл бұрын
Let's see what u got here:D
@murtazaahmed8336
@murtazaahmed8336 2 жыл бұрын
For the love of God people don't upload these payloads to Virus total like please don't, these undetectable payloads don't come by everyday and take a good while to develop don't let the creators work go to waste
@guccixlouisvuittonsmartfridge
@guccixlouisvuittonsmartfridge 2 жыл бұрын
too late 😹😹😹 im not tryin to get ratted
@HyBlock
@HyBlock 2 жыл бұрын
these open source frameworks aren't supposed to be fully undetected forever, it's impossible since they are PUBLIC, you are asking for the impossible, plus they've not supposed to be used for illegal actions, don't be skids
@C5pider
@C5pider 2 жыл бұрын
Before I published Havoc I uploaded some samples to VT to help AV/EDRs vendors to detect my implants. Havoc isn't designed to evade. It is designed to be malleable and modular enough so operators with enough knowledge can bypass AV/EDRs. ☺️
@damuffinman6895
@damuffinman6895 2 жыл бұрын
If you don't like it, take the time to learn to learn to make your own payloads.
@kobebean9411
@kobebean9411 Ай бұрын
but why not use kali linux there tool are bettter
@hamzarashid7579
@hamzarashid7579 2 жыл бұрын
Hey john I recommended using Nala. Nala is a front-end for libapt-pkg. It`s most of the time fix these kind a errors. Search: Nala GitLab
@likeastar20
@likeastar20 2 жыл бұрын
What is the MD5 of the exe?
@shakeemdixon8107
@shakeemdixon8107 Жыл бұрын
Its getting blocked by defender now
@gooniesfan7911
@gooniesfan7911 Жыл бұрын
I had scanned the agent on virustotal now just incase some AV didnt detect it ! Doing my part to make security tools better
@h4gg497
@h4gg497 2 жыл бұрын
You tried editing sources.list as a non root user bro.
@popeyehacks
@popeyehacks 2 жыл бұрын
Heyyy John i have malware i don't know how to give that to u
@CQURB4
@CQURB4 2 жыл бұрын
Zip it with password infected and upload that to google drive and share that.
@cirklare
@cirklare 2 жыл бұрын
I tried to do that and he didn't reply to my email
@Theoldenmage
@Theoldenmage 2 жыл бұрын
@@cirklare he's probably busy at the moment, I'm sure he has hundreds of requests/emails to get at
@castroonie
@castroonie 2 жыл бұрын
@@CQURB4 would the email anti virus not get it?
@CQURB4
@CQURB4 2 жыл бұрын
@@castroonie zip it using password "infected". It won't be detected by drive
@girl4632
@girl4632 Жыл бұрын
Is there any WhatsApp group of cybersecurity professionals, practitioner,hacker kind of where could discuss.
@Landee
@Landee 2 жыл бұрын
18 yo ...
@C5pider
@C5pider 2 жыл бұрын
👀
@Landee
@Landee 2 жыл бұрын
@@C5pider bro ur just insane 😳
@C5pider
@C5pider 2 жыл бұрын
@@Landee Not insane just had to much time lol. Get bored really fast in school lmao.
@Landee
@Landee 2 жыл бұрын
@@C5pider lmaooo
@cosmicrisis5699
@cosmicrisis5699 2 жыл бұрын
@@C5pider I’m curious when did you start learning? And what resources did you use cause it’s really impressive
@TimkaSR
@TimkaSR 2 жыл бұрын
Now getting detected as of now
@avnishprajapat2119
@avnishprajapat2119 2 жыл бұрын
Any videos on firewall and bypass methods?
@VECTORY_
@VECTORY_ 2 жыл бұрын
can i send you a virus i desperly tried to erase from my computer? its still on despite the many Factory resets my pc did go trough, it activates itself 1 time in 3 months and a simple reset to the last day solves it. but its still anoying, can i send it to you and you maybe figure out how i can be free from this thing? Information: (i think) a simple user control that always jumps to the first thing and locks onto it, like the desktop it locks the first file and you cant click anything else than that file, 450MB~ a single windows executable (exe) got it from trying to download a game, now trapped the file in my USB-Stick. would be nice if you would help/answer -Fellow beginning Hacker
@VECTORY_
@VECTORY_ 2 жыл бұрын
i dont have whatsapp
@minefox6071
@minefox6071 2 жыл бұрын
@@VECTORY_ well you just replied to a scummy bot
@affieuk
@affieuk 2 жыл бұрын
@@VECTORY_ That's a bot / scam, don't respond.
@VECTORY_
@VECTORY_ 2 жыл бұрын
@@affieuk i dont have a phone either, so i cant
@uditsaini5550
@uditsaini5550 10 ай бұрын
it is still undetactable 😂😂😂
@sp3ct3r71
@sp3ct3r71 2 жыл бұрын
whats updog?
@kobki66
@kobki66 7 ай бұрын
heey what's up my boy
@sp3ct3r71
@sp3ct3r71 7 ай бұрын
@@kobki66 office reference in johns video .. here i am after 1 year..
@jak365
@jak365 2 жыл бұрын
@lfcbpro
@lfcbpro 2 жыл бұрын
please fix the right channel high end squeak ???
@AndreiChrisso
@AndreiChrisso 2 жыл бұрын
Hi nerd =))))
@CenterZero_DeadSecurity
@CenterZero_DeadSecurity 2 жыл бұрын
I can't resize the edit listener window 😭
@ATechGuy-mp6hn
@ATechGuy-mp6hn Жыл бұрын
Windows defender is almost useless without cloud turned on if I remembered correctly
@ompande1272
@ompande1272 2 жыл бұрын
Ay man
@scott32714keiser
@scott32714keiser 2 жыл бұрын
Why does windows not have any good virus proofing yet Linux got toram good luck infecting a operating that runs on a rom. I wish I can get windows on a rom with toram while storing files on internal drive so the internal drive can fail and I only loose my files not the operating system and to remove a virus all you need to do is wipe or replace the drive. Windows don't support roms even if you can get it on there correctly it needs to write to the drive just to boot. So windows gets a virus and your os you paid for is useless windows sucks. There's very few things I can't do on Linux that I can do on windows
@lordvoldemort7692
@lordvoldemort7692 2 жыл бұрын
Linux is good , but most softwares on windows . so best solution to buy a pro anti malware
@beepboop-o5s
@beepboop-o5s Жыл бұрын
anti malware is a scam an and name one thing window has that matters that isnt avalabe on linux @@lordvoldemort7692
@navjotsingh5108
@navjotsingh5108 2 жыл бұрын
does anyone know where i can get the pirated version of soft soft
@nnawaff
@nnawaff 2 жыл бұрын
i just hate apt it's pure trash
@dnx3222
@dnx3222 2 жыл бұрын
Legend hammond
How Hackers Hide
20:55
John Hammond
Рет қаралды 239 М.
REAL 3D brush can draw grass Life Hack #shorts #lifehacks
00:42
MrMaximus
Рет қаралды 12 МЛН
Try Not To Laugh 😅 the Best of BoxtoxTv 👌
00:18
boxtoxtv
Рет қаралды 6 МЛН
HELP!!!
00:46
Natan por Aí
Рет қаралды 17 МЛН
Hacking Windows TrustedInstaller (GOD MODE)
31:07
John Hammond
Рет қаралды 694 М.
How Hackers Compromise BIG Networks (with NetExec)
36:41
John Hammond
Рет қаралды 120 М.
Finding WEIRD Devices on the Public Internet
27:48
John Hammond
Рет қаралды 305 М.
Red Teaming With Havoc C2
43:19
CYBER RANGES
Рет қаралды 13 М.
How Hackers Move Through Networks (with Ligolo)
20:01
John Hammond
Рет қаралды 276 М.
Can this BYPASS Windows Defender???
15:58
Daniel Lowrie
Рет қаралды 5 М.
catch EVERY reverse shell while hacking! (VILLAIN)
19:03
John Hammond
Рет қаралды 222 М.
Reverse Shell UNDETECTED by Microsoft Defender (hoaxshell)
17:44
John Hammond
Рет қаралды 165 М.