Out of Band Update: Cobalt Strike 4.11.1
Cobalt Strike 4.11.1 is now available. This is an out of band update to fix an issue regarding module stomping that was discovered in the
Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….
Cobalt Strike 4.11 is now available. This release introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs,
Update: Stopping Cybercriminals from Abusing Cobalt Strike
Since 2023, Microsoft’s Digital Crimes Unit (DCU), Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have been working together to combat the use
Out of Band Update: Cobalt Strike 4.10.1
Cobalt Strike 4.10.1 is now available. This is an out of band update to fix issues that were discovered in Cobalt Strike 4.10 that we
Cobalt Strike Staffing Changes and the Road Ahead
TLDR: Cobalt Strike Staffing Changes Recently there have been some internal changes within the Cobalt Strike team. Greg Darwin has switched to a new position
Revisiting the UDRL Part 3: Beacon User Data
The UDRL and the Sleepmask are key components of Cobalt Strike’s evasion strategy, yet historically they have not worked well together. For example, prior to
Cobalt Strike 4.10: Through the BeaconGate
Cobalt Strike 4.10 is now available. This release introduces BeaconGate, the Postex Kit, and Sleepmask-VS. In addition, we have overhauled the Sleepmask API, refreshed the
Europol Coordinates Global Action Against Criminal Abuse of Cobalt Strike
Press Release: View Original Europol Announcement 03 Jul 2024 – Law enforcement has teamed up with the private sector to fight against the abuse of
Cobalt Strike Infrastructure Downtime – March 2024
The Cobalt Strike download infrastructure will be down for a short while on Wednesday 13th March for routine maintenance. Work will begin around 15:00 GMT
Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM
This is a joint blog written by William Burgess (@joehowwolf) and Henri Nurmi (@HenriNurmi). In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’