For some people, programming comes naturally to them. For others, it’s a struggle or something that doesn’t click with the way they think. The same thing with hacking. Hackers often complain about “script kiddies”, people who use tools without any clue about what they do. What’s the difference between someone who will become a good […]
Cornerstone: Announcements
Cobalt Strike 1.49 – HTTP Proxy Authentication? No Problem.
I spend a lot of time on the road in March and April—using my tools. During these months, I take careful notes of the usability issues I’d like to address and small tweaks that would make life better for Cobalt Strike’s hacker corps. Today’s Cobalt Strike release is the result of notes and my first-hand […]
Read More… from Cobalt Strike 1.49 – HTTP Proxy Authentication? No Problem.
Cobalt Strike 03.13.14 – NECCDC Edition
I’m writing this from a New Hampshire Bed and Breakfast where I’ve apparently received the Jacuzzi suite. I’m here for a romantic weekend running psexec and managing Beacons inside of student networks for the North East Collegiate Cyber Defense Competition event. This is my seventh year with this event. I made a lot of development progress early into my […]
Cobalt Strike 02.27.14 – Details Matter
Cobalt Strike 1.48 (02.27.14) is now available. This release is the byproduct of a very intense development cycle. The theme of this release is: details matter. Read on for a sense of what I mean by this. Pivot Listeners This Cobalt Strike update introduces pivot listeners. A pivot listener is a handler for a reverse payload […]
Man-in-the-Browser Session Hijacking
Malware like Zeus and its variants inject themselves into a user’s browser to steal banking information. This is a man-in-the-browser attack. So-called, because the attacker is injecting malware into the target’s browser. Man-in-the-browser malware uses two approaches to steal banking information. They either capture form data as it’s sent to a server. For example, malware […]
Cobalt Strike 1.48 – Peer-to-peer C&C
I’m pleased to announce Cobalt Strike 1.48. This release introduces a peer-to-peer data channel for Beacon, improves browser pivoting, and updates the signed applet attack with options the latest Java 1.7 updates require. Peer-to-Peer Beacon It’s hard to stay hidden when many compromised systems call out to the internet. To solve this problem, Beacon now supports peer-to-peer command and […]
Armitage and Cobalt Strike 1.47 Released
Armitage and Cobalt Strike 1.47 are now available. This release improves many aspects of the workflow in both Armitage and Cobalt Strike. Here are some of the highlights. Beacon Type ‘meterpreter’ in a Beacon console to spawn a Meterpreter session and tunnel it through your Beacon in one fell swoop. This gives you the power […]
DNS Command and Control Added to Cobalt Strike
Many networks are like sieves. A reverse TCP payload or an HTTP/S connection is all it takes to get out. Once in a while, you have to whip out the kung-fu to escape a network. For these situations, DNS is a tempting option. If a system can resolve a hostname, then that host can communicate […]
Read More… from DNS Command and Control Added to Cobalt Strike
Cobalt Strike Boxed Set comes to ShmooCon
It’s the middle of February, love is in the air, and… I’m busy preparing for my favorite hacker conference ShmooCon. This year, for the second year in a row, Strategic Cyber LLC is sponsoring ShmooCon. Last year, I had intended to launch Cobalt Strike. Except, it wasn’t called Cobalt Strike and someone else beat me […]
Two Years of Fast and Easy Hacking
Today marks the two-year anniversary of the release of Armitage. My goal was to create a collaboration tool for exercise red teams. I wanted to show up to North East CCDC with a new toy. I had no idea Armitage would lead to so many new friends and new adventures. In the past two years, Armitage […]