MDSec Releases Nighthawk C2 Framework Version 0.3.3
Quick take - MDSec has released version 0.3.3 of its Nighthawk C2 framework, featuring enhancements aimed at improving operational security, reducing detection risks, and introducing new functionalities such as memory invisibility, a Python API, and support for external tool integration.
Fast Facts
- MDSec released version 0.3.3 of the Nighthawk C2 framework, focusing on improved operational security and reduced detection risks.
- Key features include enhanced memory invisibility with a new memory masking capability, reducing plaintext exposure to about 2%.
- A code mutator has been added to obfuscate decryption stubs, minimizing signature risks, and the architecture now supports Control-flow Enforcement Technology (CET).
- A new Python API allows for automated interactions with the beacon, enhancing functionality and integration with external tools.
- The update includes improvements for cross-process injection, support for Cobalt Strike BOF API, and enhanced evasion capabilities against anti-malware measures.
MDSec has announced the release of version 0.3.3 of its Nighthawk C2 framework. This update introduces a variety of new features and enhancements aimed at improving operational security and reducing detection risks for users.
Key Features and Enhancements
One of the key highlights is the enhanced memory invisibility feature, which includes a new memory masking capability. This feature reduces plaintext exposure to approximately 2% by masking inactive pages of the beacon. Additionally, a memory hiding feature maintains encryption during execution, allowing for a more secure operational environment.
Beyond memory protection, the release adds new features and bug fixes. A code mutator now obfuscates the decryption stubs generated with each artifact, so that no two builds share a static signature. The architecture has also been restructured to support Control-flow Enforcement Technology (CET), strengthening defenses against control-flow hijacking.
A new Python API has been introduced, allowing users to automate interactions with the beacon and providing example scripts for various tasks. The API supports client-side scripting, enabling the execution and processing of outputs from different file types. New methods have been added to enhance functionality within the Nighthawk client, and the framework now supports integration with external tools through its Python Modules feature, increasing its versatility for users.
Additional Improvements
The update includes new techniques for cross-process injection and enhancements to the Hidden Desktop functionality for Windows 11. Support for the Cobalt Strike BOF key/value API has also been added. A significant rewrite of the harness has been conducted, improving operational security and compatibility with various Portable Executable (PE) types, including binaries written in Rust.
NHLoader and the Nighthawk injectors have been improved and can now disable CET in spawned processes. The release also introduces additional options for patching the Anti-Malware Scan Interface (AMSI) and new options for Event Tracing for Windows (ETW), extending the framework's evasion capabilities.
MDSec’s Commitment to Cybersecurity
MDSec continues to position itself as a leader in cybersecurity solutions, taking a comprehensive approach to penetration testing and incident response. The organization’s research team remains active in producing relevant publications, and training courses are designed to reflect current trends in cybersecurity. Clients benefit from MDSec’s trusted expertise, with the penetration testing team recognized by leading technology companies and acknowledged by global financial institutions.