Jump to content

Locked HiddenDesktop v0.1 - HVNC for Cobalt Strike

Recommended Posts

This is the hidden content, please

Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved, but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++.

There are four components of Hidden Desktop:

    BOF initializer: Small program responsible for injecting the HVNC code into the Beacon process.
    HVNC shellcode: PIC implementation of TinyNuke HVNC.
    Server and operator UI: Server that listens for connections from the HVNC shellcode and a UI that allows the operator to interact with the remote desktop. Currently only supports Windows.
    Application launcher BOFs: Set of Beacon Object Files that execute applications in the new desktop.


The HiddenDesktop BOF was tested using example.profile on the following Windows versions/architectures:

  •     Windows Server 2022 x64
  •     Windows Server 2016 x64
  •     Windows Server 2012 R2 x64
  •     Windows Server 2008 x86
  •     Windows 7 SP1 x64

This is the hidden content, please

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.