Octopus v1.2 stable: shellcode generation, spoofed args agent & much more!

Estimated Reading Time: 4 minutes It’s been a while since I released the stable version of Octopus, and today, I’m glad to announce that version 1.2 from Octopus is out! We added new features to this version and fixed some issues from the previous one to make it more stable. With time going by, we noticed that Octopus usage is…

In-Memory shellcode decoding to evade AVs/EDRs

Estimated Reading Time: 9 minutes During the previous week, I was doing some research about win32 APIs and how we can use them during weaponizing our attack, I already did some work related to process injection in the past, but I was looking for something more advanced and to do an extra mile in process injection. So, I took my…

OCS Inventory NG v2.7 Remote Command Execution (CVE-2020-14947)

Estimated Reading Time: 7 minutes Summary of OCS Inventory NG Open Computer and Software Inventory Next Generation is free software that enables users to inventory IT assets. OCS-NG collects information about the hardware and software of networked machines running the OCS client program. OCS can visualize the inventory through a web interface. About the exploit I found this vulnerability by…

Automate Octopus C2 RedTeam Infrastructure Deployment

Estimated Reading Time: 15 minutes Establishing a red team infrastructure for your operation is something you need to take care of every time, and you need to make sure it’s working without any obstacles before you begin your operation. Every time I start a new operation, I set up the infrastructure manually using DigitalOcean or AWS, and it’s always enjoyable…

Open-AudIT v3.3.1 Remote Command Execution (CVE-2020-12078)

Estimated Reading Time: 6 minutes Summary of Open-AudIT Open-AudIT is an application to tell you exactly what is on your network, how it is configured, and when it changes. Open-AudIT will run on Windows and Linux systems. Essentially, Open-AudIT is a database of information, that can be queried via a web interface. Data about the network is inserted via a…

Octopus v1.0 stable: Cobalt Strike deployment & much more!

Estimated Reading Time: 4 minutes After months of releasing the first version of Octopus, I’m more than glad to announce that the stable version of Octopus is out! During the past few months, I worked with talented people to enhance Octopus capabilities and adding great features to it, also we fixed a couple of errors and made the usage of…

Cacti v1.2.8 authenticated Remote Code Execution (CVE-2020-8813)

Estimated Reading Time: 8 minutes Summary about Cacti Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality, Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that…

PandoraFMS v7.0NG authenticated Remote Code Execution (CVE-2019-20224)

Estimated Reading Time: 6 minutes Summary about Pandora Pandora FMS is a monitoring software for IT infrastructure management. It includes network equipment, Windows and Unix servers, virtual infrastructure and all different kinds of applications. Pandora FMS has a large amount of features, making it a new generation software which covers all the monitoring issues that your organization may have. About…

Unveiling Octopus: The pre-operation C2 for Red Teamers

Estimated Reading Time: 6 minutes This year in BlackHat London 2019, I presented my tool Octopus in BlackHat Arsenal, and it was really fun to present the tool in front of some talented hackers and hear a feedback about the tool from them. So I just wanted to share a complete guide on how you can use Octopus the Pre-Operation…