Playing in the (Tradecraft) Garden of Beacon: Finding Eden

We have previously blogged about using BeaconGate to dynamically instrument Beacon at run time. However, one of BeaconGate’s limitations is that it is not applied throughout Beacon’s entire lifecycle. Specifically, it does not impact the reflective loading process. Hence, if an EDR is monitoring for unbacked VirtualAlloc or LoadLibrary calls, we cannot use BeaconGate to bypass it. To solve this problem, we must get our hands dirty with UDRL development. However, to […]

Me, Myself and AI: Internal Experiments with the CS REST API

This blog is all about experimenting and having fun with the new CS REST API and the generative AI ecosystem. We’ll demonstrate how we used Claude Desktop and its Model Context Protocol (MCP) integration to automate and orchestrate attacks through the CS REST API. We will also share the following internal (vibe-coded) experiments, intended to […]

Get to Know Cobalt Strike: New Introductory Training

We’re excited to announce the launch of a brand-new Cobalt Strike training course, created in collaboration between Fortra and Zero-Point Security. This unique partnership brings together the expertise of Cobalt Strike’s team with the field-tested training experience of Zero-Point Security to deliver an unmatched learning opportunity. Through this course, users can learn how to use […]

Artificial Intelligence for Post-Exploitation

Post-exploitation tasks frequently require manual analysis, such as relying on an operator’s expertise to scan a target environment for sensitive information that could support the pursuit of an objective. For example, searching file shares and internal applications for sensitive information or credentials. These tasks are often time consuming, but can be dramatically improved with […]

Dynamically Instrumenting Beacon With BeaconGate – For All Your Call Stack Spoofing Needs!

TL;DR: In this blog we’ll demonstrate how to instrument Beacon via BeaconGate and walk through our implementations of return address spoofing, indirect syscalls, and a call stack spoofing technique, Draugr, that are now available in Sleepmask-VS. Furthermore, we’ll provide tips and tricks for developers in getting set up with Sleepmask-VS so they can write their […]

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

Cobalt Strike 4.11 is now available. This release introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs, and a DNS over HTTPS (DoH) Beacon. Additionally, we have overhauled Beacon’s reflective loader and there are numerous QoL updates. Out-of-the-Box Evasion Overhaul The focus of this release (and the […]

Update: Stopping Cybercriminals from Abusing Cobalt Strike

Since 2023, Microsoft’s Digital Crimes Unit (DCU), Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have been working together to combat the use of unauthorized, legacy copies of Cobalt Strike and compromised Microsoft software, which have been weaponized by cybercriminals to deploy ransomware and other malware, causing significant harm to critical sectors like […]