21 matches found
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shar...
CVE-2020-36911
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...
CVE-2020-36911
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...
CVE-2020-36911
CVE-2020-36911 affects Covenant versions 0.1.3 through 0.5, described as a remote code execution vulnerability where an attacker can forge JWT tokens with administrative privileges and upload DLL payloads to execute arbitrary commands on the target system. The threat relies on forging tokens to g...
CVE-2020-36911 Covenant 0.5 - Remote Code Execution (RCE)
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...
CVE-2020-36911 Covenant 0.5 - Remote Code Execution (RCE)
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...
Covenant 信任管理问题漏洞
Covenant is a .NET framework by Ryan Cobb Personal Developer. A trust management issue vulnerability exists in Covenant versions 0.1.3 through 0.5, which stems from an attacker being able to spoof a malicious JWT token with administrator privileges, potentially leading to remote code execution...
personal-security-checklist-1
This repository is an open-source project for a curated checklist of 300+ tips for protecting digital security and privacy in 2022. It is a community-driven project that allows contributors to suggest and submit points to be added, amended, or removed from the list. The project has a code of...
personal-security-checklist
It is an offensive tool for community guidelines and contributor policies. The repository contains a curated checklist of 300+ tips for protecting digital security and privacy in 2022. The primary CVE ID is not present in the provided context. The target product/service or framework is not...
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new cyber attack campaign by the Russia-linked APT28 aka UAC-0001 threat actors using Signal chat messages to deliver two previously undocumented malware families dubbedd BEARDSHELL and COVENANT. BEARDSHELL, per CERT-UA, is...
Covenant 0.5 Remote Code Execution
Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...
Covenant v0.5 - Remote Code Execution Exploit
Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows defender disable...
Covenant v0.5 - Remote Code Execution (RCE)
Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...
Zuthaka - An Open Source Application Designed To Assist Red-Teaming Efforts, By Simplifying The Task Of Managing Different APTs And Other Post-Exploitation Tools
A collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal of their C2. Explore the docs » About the project Problem Statement The current C2s ecosystem has rapidly grown in order to adapt to modern red team...
Malicious Software Infrastructure Easier to Get and Deploy Than Ever
Simple to use and deploy offensive security tools, making it easier than ever for criminals with little technical know-how to get in on cybercrime are seeing a significant rise, researchers say. Recorded Future just released findings from its regular year-end observations of malicious...
covenant_rce
No d...
UPDATE: Covenant v0.6
Covenant v0.6, a major update was released a couple of days ago. My last post about this open source, collaborative .NET C2 framework for red teamers was about Covenant v0.5. It includes a set of new features such as streaming output, newer UI themes, a tabbed terminal view and lots of bug fixes...
UPDATE: Covenant v0.5
Covenant v0.5, a major update was released a few hours ago. My last post about this open source, collaborative .NET C2 framework for red teamers was about Covenant v0.4. This is a major update and includes a brand new .NET Core cross-platform implant “Brute” that can be run on Windows, Linux, or...
UPDATE: Covenant v0.4
Yesterday, Covenant v0.4 was released. My last about Covenant was titled Covenant v0.3.2. Majorly, this version provides options that allow developers to integrate custom C2 communication protocols into an operation within Covenant. This version really makes the development of new listeners is mu...
UPDATE: Covenant v0.3.2
PenTestIT RSS Feed A few weeks ago an update – Covenant v0.3.2 was released. There was a brief mention about Covenant in my post titled – List of Open Source C2 Post-Exploitation Frameworks. This updated version includes new persistence modules - PersistWMI, PersistAutorun, PersistStartup, a...