Announcements, Development Posted on December 5, 2019 (November 29, 2022) Cobalt Strike 4.0 – Bring Your Own Weaponization Cobalt Strike 4.0 is now available. This release improves Cobalt Strike’s distributed operations model, revises post-exploitation workflows to drop some historical baggage, and adds “Bring Read More
Development Posted on August 21, 2019 (November 29, 2022) Cobalt Strike’s Process Injection: The Details Cobalt Strike 3.14 finally delivered some of the process injection flexibility I’ve long wanted to see in the product. In this post, I’d like to Read More
Development Posted on January 2, 2019 (May 3, 2022) Cobalt Strike 3.13 – Why do we argue? Cobalt Strike 3.13 is now available. This release adds a TCP Beacon, process argument spoofing, and extends the Obfuscate and Sleep capability to the SMB Read More
Development Posted on September 6, 2018 (May 3, 2022) Cobalt Strike 3.12 – Blink and you’ll miss it Cobalt Strike 3.12 is now available. This release adds an “obfuscate and sleep” in-memory evasion feature, gives operators [some] control over process injection, and introduces Read More
Development Posted on May 24, 2018 (May 3, 2022) PowerShell Shellcode Injection on Win 10 (v1803) Cobalt Strike’s process to inject shellcode, via PowerShell, does not work with the latest Windows 10 update (v1803). While it’s possible to work without this Read More
Development Posted on April 26, 2017 (May 3, 2022) Java Startup Bug in Java 1.8u131 If you recently updated your penetration testing environment, it’s possible you were greeted with a special surprise. Cobalt Strike and its team server will no Read More
Development Posted on March 15, 2017 (May 3, 2022) Cobalt Strike 3.7 – Cat, Meet Mouse The 8th release of the Cobalt Strike 3.0 series is now available. The release extends Malleable C2 to influence how Beacon lives in memory, adds code-signing Read More
Development Posted on December 8, 2016 (September 30, 2022) Cobalt Strike 3.6 – A Path for Privilege Escalation Cobalt Strike 3.6 is now available. This release adds an API to use third-party privilege escalation exploits with Beacon and extends Malleable C2 to allow Read More
Development Posted on October 3, 2016 (September 30, 2022) Cobalt Strike 3.5.1 – Important Security Update Cobalt Strike 3.5.1 is now available. This release addresses a remote code execution vulnerability in Cobalt Strike. This vulnerability was discovered after a report of Read More
Development Posted on September 28, 2016 (May 3, 2022) Cobalt Strike RCE. Active Exploitation Reported. Summary There is a remote code execution vulnerability in the Cobalt Strike team server. A hot fix that breaks this particular exploit chain is available. Read More
