NIGHTHAWK v0.2.6

Nighthawk 0.2.6 – Three Wise Monkeys

$9000
See no evil, hear no evil, speak no evil. This Japanese maxim epitomises the EDRs coming up against our latest release of Nighthawk. Following copious amounts of research and development, we're happy to release Nighthawk 0.2.6, which, as has become the status quo, includes several new features unique to Nighthawk.
From the attacker's (Red Team) point of view, there are a number of techniques, such as direct system calls, indirect system calls, disabling APIs, etc., that can help a Red Team avoid detection by Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) systems. However, even if you add various evasion functions to your malware, such as a shellcode dropper, the command and control (C2) framework used, or its corresponding shellcode, often turns out to be the limiting factor. With modern Red Team C2s such as Nighthawk, Cobalt Strike, Brute Ratel, etc., this is less of a problem, since the shellcode or stager payload already ships with useful evasion features by default, such as indirect system calls, hardware breakpoints, etc.
  • Category : C2
EDR destruction tools are gaining momentum as attackers realise how difficult tasks such as resetting credentials become with EDR enabled and reporting. Most of these tools rely on abusing vulnerable drivers to achieve this goal, which in many cases means bringing your own driver. Of course, this brings its own difficulties: the telemetry generated by dropping and loading the driver, and the need to work around Microsoft's list of blocked vulnerable drivers.
