##########
Blog Posts
##########

This page is used to catalog blog posts about Merlin

Posts by Ne0nd0g
----------------

* `Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2- A SANS Master's Degree Presentation <https://www.sans.org/webcasts/practical-approach-detecting-preventing-web-application-attacks-http-2-masters-degree-presentation-106910>`_
* `Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool <https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a>`_
* `Merlin Adds Support for the QUIC protocol <https://medium.com/@Ne0nd0g/merlin-adds-support-for-the-quic-protocol-ee5f8a1e8955>`_
* `Merlin 💖 JavaScript — All up in Your Browsers <https://medium.com/@Ne0nd0g/merlin-javascript-all-up-in-your-browsers-e46d6449382>`_
* `Merlin Adds Module Support <https://medium.com/@Ne0nd0g/merlin-adds-module-support-f1211175412e>`_
* `Merlin v0.1.4 Released — Menus &Modules <https://medium.com/@Ne0nd0g/merlin-v0-1-4-released-menus-modules-8efd1ce9ba84>`_
* `Merlin Adds DLL Agent & PowerShell Invoke-Merlin Script <https://medium.com/@Ne0nd0g/merlin-adds-dll-agent-powershell-invoke-merlin-script-6127b3d7cbcd>`_
* `Merlin v0.6.0 Beta Released <https://medium.com/@Ne0nd0g/merlin-v0-6-0-beta-released-7e75d3ef06a9>`_
* `Merlin v0.7.0 Release & Roll-up <https://medium.com/@Ne0nd0g/merlin-v0-7-0-release-roll-up-717739cde77a>`_
* `Merlin Goes OPAQUE for Key Exchange <https://medium.com/@Ne0nd0g/merlin-goes-opaque-for-key-exchange-420db3a58713>`_
* `Merlin v0.8.0 Released <https://medium.com/@Ne0nd0g/merlin-v0-8-0-released-6883528b370b>`_

External Posts
--------------

* `Merlin for Red Teams <http://lockboxx.blogspot.com/2018/02/merlin-for-red-teams.html>`_
* `Intro to Using GScript for Red Teams <http://lockboxx.blogspot.com/2018/02/intro-to-using-gscript-for-red-teams.html>`_
* `Merlin The (C2) Wizard! <https://bestestredteam.com/2019/01/15/merlin-the-c2-wizard/>`_
* `Command and Control Guide to Merlin <https://www.hackingarticles.in/command-and-control-guide-to-merlin>`_
* `C2 Agent Comparison <https://threatexpress.com/blogs/2019/c2-agent-comparison/>`_

Appearances
-----------

* `The Hacker Playbook 3: Practical Guide To Penetration Testing <https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759/>`_
* B Sides Knoxville 2018
* `Black Hat Arsenal 2018 <https://www.blackhat.com/us-18/arsenal/schedule/index.html#merlin-11986>`_
* `HackTheBox - Rabbit <https://www.youtube.com/watch?v=5nnJq_IWJog>`_ by `@ippsec <https://twitter.com/ippsec>`_
* `HackTheBox - Bounty <https://www.youtube.com/watch?v=7ur4om1K98Y>`_ by `@ippsec <https://twitter.com/ippsec>`_
* `Merlin - Post Exploitation over HTTP / 2 (Part1) GERMAN <https://pentestit.de/merlin-post-exploitation-ueber-http-2-teil1/>`_ - `English <https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fpentestit.de%2Fmerlin-post-exploitation-ueber-http-2-teil1%2F>`_
* `Merlin - Post Exploitation over HTTP / 2 (Part 2) GERMAN <https://pentestit.de/merlin-post-exploitation-ueber-http-2-teil2/>`_ - `English <https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fpentestit.de%2Fmerlin-post-exploitation-ueber-http-2-teil2%2F>`__
* `An MS Office backdoor with Merlin GERMAN <https://pentestit.de/eine-ms-office-hintertuer-mit-merlin/>`_ - `(English) <https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fpentestit.de%2Feine-ms-office-hintertuer-mit-merlin%2F>`_
  * `MS-Office Backdoor with Merlin <https://www.youtube.com/watch?v=CCPYVJgm3SA>`_ - YouTube Video

Tweets
------

* https://twitter.com/QW5kcmV3/status/1097633091932352513
* https://twitter.com/qw5kcmv3/status/1167070746235064321
* https://twitter.com/UnkL4b/status/1166478926450843648
* https://twitter.com/Dinosn/status/1158292492133052416

Misc.
-----

* https://valhalla.nextron-systems.com/info/rule/HKTL_MerlinAgent