Stage 2 Security (S2, www.stage2sec.com), a leader in Adversary Simulation, Protection and Prevention services, announced the release of Voodoo 1.2.0, its multi-platform, multi-user red team post-exploitation toolset. Voodoo supports executing Python, PowerShell, C#, and .NET code exclusively from memory and now runs on ARM processors in addition to x64 cores.
This means red team operators and penetration testers can now easily leverage the modules in other open-source projects such as Empire, IoT exploits, or payloads specifically designed to run inside containerized environments (e.g. Docker, Kubernetes) without having to waste time rewriting or porting code over to the Voodoo platform. This is in addition to its one-of-a-kind, in-memory-only Python scripting engine, which has existed in the platform since launch.
“Enabling ARM support is truly a game changer. Add into that PowerShell, C# and .NET code to run from memory only enables our clients to truly operate multi-platform at scale and current with TTPs. Combining these new features with our in-memory Python scripting engine and Linux process hollowing techniques, we are evolving into a fully functioning platform for red teamers to test while evading standard defensive tools,” said Bryce Kunz, Chief Strategy Officer.
Voodoo enables a red team operator to chain agents together through a series of call-back (reverse) and call-in (connect) payloads across multiple operating systems (e.g. Windows, Linux, Android, macOS, and iOS), providing access deep into target networks to information systems that should never communicate via the Internet (e.g. SCADA networks, CDEs/Cardholder Data Environments, internal databases).
While on an engagement, red teams can collaborate in real time within the Voodoo platform using its multi-user, web-based interface and multi-threaded design without worrying about interfering with each other’s operations.