Breaking the Covenant: Researcher discovers critical flaw in open source C2 framework

guest · Oct 30, 2020

Breaking the Covenant: Researcher discovers critical flaw in open source C2 framework
Tables turned as red teaming tool gets pwned
October 30, 2020
https://portswigger.net/daily-swig/...ers-critical-flaw-in-open-source-c2-framework

A security researcher has turned the tables on offensive security tool Covenant by identifying a series of bugs that eventually allowed him to achieve remote code execution (RCE).

Covenant is a .NET-based command and control (C2) framework by Ryan Cobb of SpecterOps that red teamers and pen testers use for offensive cyber operations.
The open source framework features GUI, API, and plugin driven exploitation options that allow operators to interact with other offensive toolkits.

A security researcher nicknamed ‘Coastal’ was able to achieve full administrative access to the C2 server via the API exposed by Covenant. [...] detailed technical write-up that explains the attack path.
Click to expand...

Hunting the hunters
Exploitation of Covenant was possible because of the exposure of secrets through the "accidental commit of an ephemeral development application settings file”, as the researcher explains:

Covenant v0.6 was released with a more permanent fix in early August, nearly three months before Coastal went public with his write-up earlier this week.
Click to expand...

Log in or Sign up

Breaking the Covenant: Researcher discovers critical flaw in open source C2 framework

guest Guest

Log in or Sign up

Breaking the Covenant: Researcher discovers critical flaw in open source C2 framework

guest Guest

Useful Searches