Merlin v0.9.0 was released a couple of days ago. This release adds support for HTTP and h2c protocols. As we know, the h2c protocol is the non-TLS version of HTTP/2. This release also adds a new "Listeners" menu to create and manage multiple listeners. You can now configure agent/listeners to listen on a list of resources and change the Agent JA3 hash on the fly! Read more about UPDATE: Merlin v0.9.0
UPDATE: Sysdig Falco v0.18.0
Sysdig Falco v0.18.0 was released a while ago, which I detected when I was using this tool, and hence this blog. It has been some time since I last blogged about this open source behavioral activity monitor, which has container support, and a lot has changed in this version as well. What is Sysdig Falco? Sysdig Falco is an open source, behavioral activity monitor designed
UPDATE: Merlin v0.8.0
A week ago, an update - Merlin v0.8.0 - was released. There was a brief mention about Merlin in my post titled - List of Open Source C2 Post-Exploitation Frameworks. This new version includes several new features to increase Operations Security (OPSEC) and usability. One of the more notable features was the introduction of the augmented Password Authenticated Key Exchange (aPAKE)
List of Open Source C2 Post-Exploitation Frameworks
This post has been lying in my drafts for more than a year with edits all over. But two days ago, it was announced that PowerShell Empire would no longer be supported by its authors. Hence, just like I curated a list of adversary emulation tools, I finalized this list of open source C2 post-exploitation frameworks and thought of publishing this today. This is my attempt at
UPDATE: Sysdig Falco v0.15.1
Three days ago, an updated version – Sysdig Falco v0.15.1 – was released. It has been some time since I last blogged about this open source behavioral activity monitor, which has container support. This release remediates integration issues with Anchore by updating urllib3 and requests Python library versions in addition to others.