For those who don’t know me, my name is Daniel Duggan, known online as RastaMouse. I spent over a decade working as a penetration tester and red teamer across the public and private sector, before founding Zero-Point Security in 2018. My mission was to build the kind of training I wish had existed when I […]
Read More… from New Mouse in the House: Zero-Point Security Training Joins the Fortra Family
Today, we’re launching Cobalt Strike Research Labs (CS:RL), a new Fortra offering that unites the research expertise of the Cobalt Strike and Outflank teams. CS:RL delivers cutting-edge, ready-to-use research tooling for Cobalt Strike, including custom UDRLs, Sleep Masks, UDC2 channels, and post-exploitation capabilities. Most importantly, it provides the Cobalt Strike team with a platform to […]
We have previously blogged about using BeaconGate to dynamically instrument Beacon at run time. However, one of BeaconGate’s limitations is that it is not applied throughout Beacon’s entire lifecycle. Specifically, it does not impact the reflective loading process. Hence, if an EDR is monitoring for unbacked VirtualAlloc or LoadLibrary calls, we cannot use BeaconGate to bypass it. To solve this problem, we must get our hands dirty with UDRL development. However, to […]
Read More… from Playing in the (Tradecraft) Garden of Beacon: Finding Eden
This blog is all about experimenting and having fun with the new CS REST API and the generative AI ecosystem. We’ll demonstrate how we used Claude Desktop and its Model Context Protocol (MCP) integration to automate and orchestrate attacks through the CS REST API. We will also share the following internal (vibe-coded) experiments, intended to […]
Read More… from Me, Myself and AI: Internal Experiments with the CS REST API
The REST API was a major feature of the 4.12 release and forms part of a broader ongoing change in the Cobalt Strike ecosystem. Therefore, we wanted to dedicate a blog post to explain the rationale behind it, discuss the architecture, and provide hands-on examples to get our customers up and running. In addition to […]
Cobalt Strike 4.12 is now available. We are excited to introduce a new look and feel for the Cobalt Strike GUI, a REST API, User Defined Command and Control (UDC2), new process injection options, new UAC bypasses, a new BOF API BeaconDownload for in-memory buffers, and new drip loading Malleable C2 options. Additionally, we have overhauled […]
We’re excited to announce the launch of a brand-new Cobalt Strike training course, created in collaboration between Fortra and Zero-Point Security. This unique partnership brings together the expertise of Cobalt Strike’s team with the field-tested training experience of Zero-Point Security to deliver an unmatched learning opportunity. Through this course users can learn how to use […]
Read More… from Get to Know Cobalt Strike: New Introductory Training
Post-exploitation tasks frequently require manual analysis, such as relying on an operators’ expertise to scan a target environment for sensitive information that could support in the pursuit of an objective. For example, searching file shares and internal applications for sensitive information of credentials. These tasks are often time consuming, but can be dramatically improved with […]
Read More… from Artificial Intelligence for Post-Exploitation
TL;DR: In this blog we’ll demonstrate how to instrument Beacon via BeaconGate and walk through our implementations of return address spoofing, indirect syscalls, and a call stack spoofing technique, Draugr, that are now available in Sleepmask-VS. Furthermore, we’ll provide tips and tricks for developers in getting set up with Sleepmask-VS so they can write their […]
Cobalt Strike 4.11.1 is now available. This is an out of band update to fix an issue regarding module stomping that was discovered in the 4.11 release that we felt should be fixed prior to the next release. Besides that issue, this out of band release also allowed us to include two other smaller bugfixes/quality […]