blogs.rst

Blog Posts

This page is used to catalog blog posts about Merlin

Posts by Ne0nd0g

• Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2- A SANS Master's Degree Presentation
• Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
• Merlin Adds Support for the QUIC protocol
• Merlin 💖 JavaScript — All up in Your Browsers
• Merlin Adds Module Support
• Merlin v0.1.4 Released — Menus &Modules
• Merlin Adds DLL Agent & PowerShell Invoke-Merlin Script
• Merlin v0.6.0 Beta Released
• Merlin v0.7.0 Release & Roll-up
• Merlin Goes OPAQUE for Key Exchange
• Merlin v0.8.0 Released

External Posts

• Merlin for Red Teams
• Intro to Using GScript for Red Teams
• Merlin The (C2) Wizard!
• Command and Control Guide to Merlin
• C2 Agent Comparison
• Kubesploit: A New Offensive Tool for Testing Containerized Environments

Appearances

• The Hacker Playbook 3: Practical Guide To Penetration Testing
• B Sides Knoxville 2018
• Black Hat Arsenal 2018
• HackTheBox - Rabbit by @ippsec
• HackTheBox - Bounty by @ippsec
• Merlin - Post Exploitation over HTTP / 2 (Part1) GERMAN - English
• Merlin - Post Exploitation over HTTP / 2 (Part 2) GERMAN - English
• An MS Office backdoor with Merlin GERMAN - (English)
  • MS-Office Backdoor with Merlin - YouTube Video

Tweets

• https://twitter.com/QW5kcmV3/status/1097633091932352513
• https://twitter.com/qw5kcmv3/status/1167070746235064321
• https://twitter.com/UnkL4b/status/1166478926450843648
• https://twitter.com/Dinosn/status/1158292492133052416

Misc.

• https://valhalla.nextron-systems.com/info/rule/HKTL_MerlinAgent