Introduction
If you’ve been following our trajectory over the past 12 months, you will have noticed some of the significant design and architecture changes we’ve been making. The largest of which was the full rewrite of the backend teamserver and introduction of JSON RPC APIs. One of the key drivers for these changes was to pre-position the framework for what we’re releasing in Nighthawk 0.4.
Open For Business
Red Team Operations are multi-faceted, and adaptability is a key requirement for ensuring continued success. With Nighthawk 0.4, we introduced a new feature we’re labelling “Open Agent” — another Nighthawk first for commercial C2s. Open Agent allows you to develop and integrate your own agents, whether complete agents or stage 1s, into Nighthawk.
At minimum, Open Agents must implement the following three tasking commands:
CPMT_GET_DETAILED_INFO: Allows the backend to obtain basic information about the machine.CPMT_GET_CONFIG: Allows the backend to know the sleep and fragmentation settings.CPMT_TERMINATE_PROCESS: Allows the operator to instruct the agent to terminate its own execution.
Taking Center Stage
Complementing our Open Agent feature, in 0.4 we introduced a suite of new staging tools dubbed the Stager Kit. This suite comprises NHStager, a Builder, Visual Studio code templates and a new OpSec-driven loader.
NHStager supports a minimal set of commands including whoami, ps, execute-bof, inject, ls, upload, download, and more. It comes with a built-in BOF loader with full support for the Cobalt Strike BOF API.
NHConfigurator
NHConfigurator is a UI-based wizard that allows operators to cherry pick which high-level OpSec configuration options they want, while automatically creating random beacon network profiles and producing nginx location rules.