Blogs filtered by Development

Summary There is a remote code execution vulnerability in the Cobalt Strike team server. A hot fix that breaks this particular exploit chain is available.

Read More

Cobalt Strike 3.5 is now available. This release adds an SSH client with a Beacon-like interface. This client allows you to conduct post-exploitation actions against

Read More

Time to time, I hand out Cobalt Strike license keys to non-customers. Sometimes these are to support an event (e.g., the National CCDC Red Team).

Read More

Some hackers only think about access. It’s the precious. How to get that first shell? I don’t care too much about this. I’m concerned about

Read More

One of the hardest parts of being a developer is working with bug reports and support requests disguised as bug reports. Some people write very

Read More

I’ve had several folks write to me asking about the Connection Refused error when they try to use Cobalt Strike. This one: Cobalt Strike 3.0

Read More

One of my favorite features in Cobalt Strike is its ability to pivot over named pipes. A named pipe is a way for two programs

Read More

I spend a lot of my red time in the Access Manager role. This is the person on a red team who manages callbacks for

Read More

Cobalt Strike 2.4 is now available. If you use Beacon for post-exploitation, you’ll find a lot to like in this release. Here’s the highlights: Post-Exploitation Jobs

Read More