You're on a red team engagement. You generate a Havoc payload. You execute it on Windows 11. Windows Defender catches it immediately.
This happened to me. Repeatedly.
Stock open-source C2 frameworks (Havoc, Sliver, Covenant) are heavily signatured. EDR vendors have had years to reverse them. The signatures aren't just for the binaries anymore—they're for the behaviors.
I decided to build a new C2 framework called ByteCode from scratch, with one priority: evasion.