BOF
Posted on March 11, 2021 (September 13, 2022)
Simple DNS Redirectors for Cobalt Strike
This post, from Ernesto Alvarez Capandeguy of Core Security’s CoreLabs Research Team, describes techniques used for creating UDP redirectors for protecting Cobalt Strike team servers.

BOF, Red Team
Posted on September 17, 2020 (May 3, 2022)
Beacon Object File ADVENTURES: Some Zerologon, SMBGhost, and Situational Awareness
Cobalt Strike can use PowerShell, .NET, and Reflective DLLs for its post-exploitation features. This is the weaponization problem set. How to take things, developed outside ...

BOF
Posted on May 2, 2019 (May 2, 2022)
Cobalt Strike 3.14 – Post-Ex Omakase Shimasu
Cobalt Strike 3.14 is now available. This release benefits the OPSEC of Beacon’s post-exploitation jobs. To take a screenshot, log keystrokes, dump credentials, or scan ...

BOF
Posted on March 9, 2018 (May 2, 2022)
Beware of Slow Downloads
I often receive emails that ask about slow file downloads with the Beacon payload. Here are the symptoms: It takes multiple hours to grab a ...

BOF, Red Team
Posted on June 23, 2017 (May 3, 2022)
OPSEC Considerations for Beacon Commands
Update January 9, 2020 – This topic is now part of the Cobalt Strike documentation. Head over to the Beacon Command Behavior page for the ...

BOF
Posted on July 22, 2016 (May 3, 2022)
Why is rundll32.exe connecting to the internet?
Previously, I wrote a blog post to answer the question: why is notepad.exe connecting to the internet? This post was written in response to a generation ...

BOF
Posted on June 22, 2016 (May 3, 2022)
Talk to your children about Payload Staging
Time to time, I find myself in an email exchange about payload security and payload staging. The payload security discussion revolves around Beacon’s security features. ...

BOF
Posted on June 15, 2016 (May 3, 2022)
What is a stageless payload artifact?
I’ve had a few questions about Cobalt Strike’s stageless payloads and how these compare to other payload varieties. In this blog post, I’ll explain stageless ...

BOF
Posted on March 10, 2016 (September 30, 2022)
Cobalt Strike 3.2 – The Inevitable x64 Beacon
Cobalt Strike 3.2, the third release in the 3.x series, is now available. The 3.2 release focuses on fixes and improvements across the Cobalt Strike ...

BOF
Posted on December 2, 2015 (September 30, 2022)
Cobalt Strike 3.1 – Scripting Beacons
Cobalt Strike 3.1 is now available. This release adds a lot of polish to the 3.x codebase and addresses several items from user feedback. Aggressor ...