Because of the invaluable data they possess, financial institutions remain a favorite target of malicious actors, with cyberattacks in the sector up more than 400% in three years. Fortunately, offensive security measures like red teaming can augment defensive tactics, giving security teams in the financial sector an additional leg up. Red team engagements test an […]
CTA Type: Resource
Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….
Cobalt Strike 4.11 is now available. This release introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs, and a DNS over HTTPS (DoH) Beacon. Additionally, we have overhauled Beacon’s reflective loader and there are numerous QoL updates. Out-of-the-Box Evasion Overhaul The focus of this release (and the […]
Read More… from Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….
Update: Stopping Cybercriminals from Abusing Cobalt Strike
Since 2023, Microsoft’s Digital Crimes Unit (DCU), Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have been working together to combat the use of unauthorized, legacy copies of Cobalt Strike and compromised Microsoft software, which have been weaponized by cybercriminals to deploy ransomware and other malware, causing significant harm to critical sectors like […]
Read More… from Update: Stopping Cybercriminals from Abusing Cobalt Strike
Mutator Kit: Cobalt Strike Feature Demo
This short video provides a high level overview on how to install and use the Cobalt Strike Mutator Kit, which uses an LLVM obfuscator to break in-memory YARA scanning of the sleep mask. Are you ready to take the next step? […]
Out of Band Update: Cobalt Strike 4.10.1
Cobalt Strike 4.10.1 is now available. This is an out of band update to fix issues that were discovered in Cobalt Strike 4.10 that we felt should be fixed before the next release. This update does not affect the 4.11 release which is well underway and due to ship in early 2025. Mutiple Team Server […]
Cobalt Strike In 5 Minutes
Cobalt strike is a powerful red team tool that is used by pen testers and red teamers to replicate the tactics and techniques of long-term embedded attackers. This 5-minute video will give you a high-level overview of Cobalt Strike’s functionality, including its signature payload, Beacon, and its flexible C2 framework. Are you ready to take the next step? […]
Cobalt Strike Staffing Changes and the Road Ahead
TLDR: Cobalt Strike Staffing Changes Recently there have been some internal changes within the Cobalt Strike team. Greg Darwin has switched to a new position within Fortra. Greg has been the face of Cobalt Strike within the community for a number of years and we thank Greg for all his work and effort he put […]
Read More… from Cobalt Strike Staffing Changes and the Road Ahead
A Simple Guide to Successful Red Teaming
As threat actors innovate their tactics, security teams need to match them step for step. We can’t fight new and complex threats with old and predictable techniques. It’s time that the gloves come off and that organizations subject their networks, cloud resources, and internal assets to not only real-world threats, but real-world attacks – and […]
Revisiting the UDRL Part 3: Beacon User Data
The UDRL and the Sleepmask are key components of Cobalt Strike’s evasion strategy, yet historically they have not worked well together. For example, prior to CS 4.10, Beacon statically calculated its location in memory using a combination of its base address and its section table. This calculation was then modified depending on the contents of […]
Read More… from Revisiting the UDRL Part 3: Beacon User Data
Cobalt Strike 4.10: Through the BeaconGate
Cobalt Strike 4.10 is now available. This release introduces BeaconGate, the Postex Kit, and Sleepmask-VS. In addition, we have overhauled the Sleepmask API, refreshed the Jobs UI, added new BOF APIs, added support for hot swapping C2 hosts, and more. This has been a longer release cycle than in previous releases to allow us to […]