Development Posted on January 22, 2015 (May 3, 2022) Cobalt Strike 2.3 – I’ve always wanted runas Cobalt Strike 2.3 is now available. This release adds a runas command to Beacon. This command allows you to specify a username and password for any Read More
Development Posted on November 26, 2014 (September 26, 2022) My Constraint-based Product Strategy When I work on a project, I like to define a broad problem statement. This is the project’s intended mark on the world. I don’t Read More
Development Posted on November 20, 2014 (September 30, 2022) Cobalt Strike 2.2 – 1995 called, it wants its covert channel back… Cobalt Strike’s Covert VPN feature now supports ICMP as one of its channels. Covert VPN is Cobalt Strike’s layer-2 pivoting capability. If you’re curious about Read More
Development Posted on October 22, 2014 (May 3, 2022) Map of Cobalt Strike Features for Armitage Users I wrote Cobalt Strike and I take it for granted that my users know where things are. This doesn’t come from nowhere though. The users Read More
Development Posted on October 1, 2014 (September 26, 2022) User-driven Attacks A user-driven attack is an attack that relies on a feature to get code execution. Most penetration testers I know rely on user-driven attacks over Read More
Development Posted on September 23, 2014 (September 30, 2022) Cobalt Strike 2.1 – I have the POWER(shell) For a long time, I’ve wanted the ability to use PowerUp, Veil PowerView, and PowerSploit with Cobalt Strike. These are useful post-exploitation capabilities written in Read More
Development Posted on January 8, 2014 (September 30, 2022) Cobalt Strike 01.08.14 – EXE Artifacts: A New Hope Cobalt Strike has always exposed the Metasploit Framework’s tool to generate executables. Unfortunately, these executables are caught by anti-virus products. I’ve had a lot of Read More
Development Posted on December 12, 2013 (March 1, 2023) Why do I always use 32-bit payloads? Yesterday, one of my customers asked about x64 payloads in Cobalt Strike. Specifically, he wanted to know why Cobalt Strike doesn’t expose them. I’ve already Read More
Development Posted on September 26, 2013 (October 19, 2022) Browser Pivoting (Get past two-factor auth) Several months ago, I was asked if I had a way to get past two-factor authentication on web applications. Criminals do it, but penetration testers Read More
Development Posted on March 6, 2013 (October 19, 2022) Cobalt Strike Updates 03.06.13 Just in time for this weekend’s North East Collegiate Cyber Defense Competition event, I have a fresh update to Armitage and Cobalt Strike. Here’s the Read More
