Red Team Use Case: Government Agency

Background
A government agency responsible for critical public services commissions a Red Team engagement to assess its cybersecurity resilience. The exercise simulates an advanced persistent threat (APT) attack, testing the agency's ability to detect, respond to, and mitigate cyber threats targeting sensitive government data, public infrastructure, and national security.

Phase 1: Initial Access Operations
The […]

Red Team Use Case: Financial Institution

Background
A large financial institution conducts an assumed breach exercise to test its cybersecurity resilience. The Red Team is tasked with simulating an advanced persistent threat (APT) attack, while the Blue Team monitors, detects, and mitigates threats in real time.

Phase 1: Initial Access Operations
The Red Team conducts reconnaissance on the Financial Institution's employees using […]

Red Team Use Case: Hospital Network

Background
A regional hospital network conducts a Red Team engagement to evaluate its cybersecurity defenses. The exercise aims to simulate a sophisticated cyberattack targeting patient data, medical devices, and critical infrastructure, testing the hospital's ability to detect, respond to, and recover from an intrusion.

Phase 1: Initial Access Operations
The Red Team begins by gathering […]

Industry

One of the original public red team command and control frameworks, Cobalt Strike has become the red teaming toolkit of choice across the finance, government, and healthcare sectors. We understand the unique threat types targeting your industry, and we give you the flexibility, interoperability, and payload generation needed to stay ahead of cyberattacks. Get out […]

Cobalt Strike On-Demand Demo (CTA)

From its malleable Command and Control framework to its advanced post-exploitation capabilities, get an overview of Cobalt Strike’s core features in our on-demand demo. See how this tool prioritizes operational flexibility and stability to stand apart and why red team experts consider Cobalt Strike a vital security testing tool. Watch Cobalt Strike Demo. […]

Revisiting the UDRL Part 3: Beacon User Data

The UDRL and the Sleepmask are key components of Cobalt Strike’s evasion strategy, yet historically they have not worked well together. For example, prior to CS 4.10, Beacon statically calculated its location in memory using a combination of its base address and its section table. This calculation was then modified depending on the contents of […]

Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM

This is a joint blog written by William Burgess (@joehowwolf) and Henri Nurmi (@HenriNurmi). In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’ blog post, we highlighted that the sleep mask is a common target for in-memory YARA signatures. In that post we recommended using the evasive sleep mask option to scramble the […]

Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking

This is the second installment in a series revisiting the User-Defined Reflective Loader (UDRL). In part one, we aimed to simplify the development and debugging of custom loaders and introduced the User-Defined Reflective Loader Visual Studio (UDRL-VS) template. In this installment, we’ll build upon the original UDRL-VS loader and explore how to apply our own […]

Cobalt Strike and YARA: Can I Have Your Signature?

Over the past few years, there has been a massive proliferation of YARA signatures for Beacon. We know from conversations with our customers that this has become problematic when using Cobalt Strike for red team engagements and that there has been some confusion over how Cobalt Strike's malleable C2 options can help. Therefore, this blog […]