The REST API was a major feature of the 4.12 release and forms part of a broader ongoing change in the Cobalt Strike ecosystem. Therefore, we wanted to dedicate a blog post to explain the rationale behind it, discuss the architecture, and provide hands-on examples to get our customers up and running. In addition to […]
CTA Type: Blog
Cobalt Strike 4.12: Fix Up, Look Sharp!
Cobalt Strike 4.12 is now available. We are excited to introduce a new look and feel for the Cobalt Strike GUI, a REST API, User Defined Command and Control (UDC2), new process injection options, new UAC bypasses, a new BOF API BeaconDownload for in-memory buffers, and new drip loading Malleable C2 options. Additionally, we have overhauled […]
Get to Know Cobalt Strike: New Introductory Training
We’re excited to announce the launch of a brand-new Cobalt Strike training course, created in collaboration between Fortra and Zero-Point Security. This unique partnership brings together the expertise of Cobalt Strike’s team with the field-tested training experience of Zero-Point Security to deliver an unmatched learning opportunity. Through this course users can learn how to use […]
Read More… from Get to Know Cobalt Strike: New Introductory Training
Artificial Intelligence for Post-Exploitation
Post-exploitation tasks frequently require manual analysis, such as relying on an operators’ expertise to scan a target environment for sensitive information that could support in the pursuit of an objective. For example, searching file shares and internal applications for sensitive information of credentials. These tasks are often time consuming, but can be dramatically improved with […]
Read More… from Artificial Intelligence for Post-Exploitation
Dynamically Instrumenting Beacon With BeaconGate – For All Your Call Stack Spoofing Needs!
TL;DR: In this blog we’ll demonstrate how to instrument Beacon via BeaconGate and walk through our implementations of return address spoofing, indirect syscalls, and a call stack spoofing technique, Draugr, that are now available in Sleepmask-VS. Furthermore, we’ll provide tips and tricks for developers in getting set up with Sleepmask-VS so they can write their […]
Out of Band Update: Cobalt Strike 4.11.1
Cobalt Strike 4.11.1 is now available. This is an out of band update to fix an issue regarding module stomping that was discovered in the 4.11 release that we felt should be fixed prior to the next release. Besides that issue, this out of band release also allowed us to include two other smaller bugfixes/quality […]
Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….
Cobalt Strike 4.11 is now available. This release introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs, and a DNS over HTTPS (DoH) Beacon. Additionally, we have overhauled Beacon’s reflective loader and there are numerous QoL updates. Out-of-the-Box Evasion Overhaul The focus of this release (and the […]
Read More… from Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….
Update: Stopping Cybercriminals from Abusing Cobalt Strike
Since 2023, Microsoft’s Digital Crimes Unit (DCU), Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have been working together to combat the use of unauthorized, legacy copies of Cobalt Strike and compromised Microsoft software, which have been weaponized by cybercriminals to deploy ransomware and other malware, causing significant harm to critical sectors like […]
Read More… from Update: Stopping Cybercriminals from Abusing Cobalt Strike
Out of Band Update: Cobalt Strike 4.10.1
Cobalt Strike 4.10.1 is now available. This is an out of band update to fix issues that were discovered in Cobalt Strike 4.10 that we felt should be fixed before the next release. This update does not affect the 4.11 release which is well underway and due to ship in early 2025. Mutiple Team Server […]
Cobalt Strike Staffing Changes and the Road Ahead
TLDR: Cobalt Strike Staffing Changes Recently there have been some internal changes within the Cobalt Strike team. Greg Darwin has switched to a new position within Fortra. Greg has been the face of Cobalt Strike within the community for a number of years and we thank Greg for all his work and effort he put […]
Read More… from Cobalt Strike Staffing Changes and the Road Ahead