The Cobalt Strike training web page has been updated. https://www.cobaltstrike.com/training/ The training web page lists free courses created by the Cobalt Strike team that provide an overview of the product. It also lists courses offered by trusted 3rd parties. The 3rd party courses use Cobalt Strike to some degree and can be a great way […]
CTA Type: Resource
Cobalt Strike Community Webcast: January 2022
Interested in staying up to date on Cobalt Strike? Watch our community webcast, where product experts provided an overview of the Cobalt Strike 4.5 release and demo some of its new features. We look forward to hosting additional forums where we can further interact with our user community and help you get more out of […]
Read More… from Cobalt Strike Community Webcast: January 2022
Offensive Security: Advanced Bundle
Core Impact and Cobalt Strike represent two distinct, yet complementary approaches to security assessment. Core Impact is an automated pen testing tool that focuses on initial access and security validation, while Cobalt Strike specializes in advanced post-exploitation techniques for red team operations. In additional to functioning independently, security teams can benefit from both platform during […]
Cobalt Strike Datasheet
Cobalt Strike is a standard-setting adversary simulation tool, recognized globally for facilitating red team operations with its signature payload and extensible C2 framework to accurately replicate the tactics of today’s advanced threat actors. Beacon: The Customizable Post-Exploitation Payload Beacon, Cobalt Strike’s signature payload, models the behavior of advanced adversaries to perform post-exploitation activities. Beacon offers […]
Writing Beacon Object Files: Flexible, Stealthy, and Compatible
Our colleagues over at Core Security have been doing great things with Cobalt Strike, making use of it in their own engagements. They wrote up this post on creating Cobalt Strike Beacon Object Files using the MinGW compiler on Linux. It covers several ideas and best practices that will increase the quality of your BOFs. […]
Read More… from Writing Beacon Object Files: Flexible, Stealthy, and Compatible
User Defined Reflective Loader (UDRL) Update in Cobalt Strike 4.5
The User Defined Reflective Loader (UDRL) was first introduced in Cobalt Strike 4.4. to allow the creation and use of a custom reflective loader. This quickly took off by the community and its limits were pushed. Updates were made in 4.5 to help address some of these limits. Updates Increased Size A new hook BEACON_DLL_SIZE […]
Read More… from User Defined Reflective Loader (UDRL) Update in Cobalt Strike 4.5
Sleep Mask Update in Cobalt Strike 4.5
The Sleep Mask Kit was first introduced in Cobalt Strike 4.4 to allow users to modify how the sleep mask function looks in memory in order to defeat static signatures that identified Beacon. This quickly took off in the community and its limits were pushed. Updates were made in 4.5 to help address some of these limits. Licensed users can download the updated kit from […]
A Deeper Look Into the Max Retry Strategy Option
A complementary strategy to the Host Rotation Strategy was introduced to Cobalt Strike 4.5. The max retry strategy was added to HTTP, HTTPS, and DNS beacon listeners. A max retry strategy allows a beacon to exit after a specified failure count. As the failure count increases, sleep is adjusted to a specified value. By default, […]
Read More… from A Deeper Look Into the Max Retry Strategy Option
Process Injection Update in Cobalt Strike 4.5
Process injection is a core component to Cobalt Strike post exploitation. Until now, the option was to use a built-in injection technique using fork&run. This has been great for stability, but does come at the cost of OPSEC. Cobalt Strike 4.5 now supports two new Aggressor Script hooks: PROCESS_INJECT_SPAWN and PROCESS_INJECT_EXPLICIT. These hooks allow a user to define how the fork&run and explicit injection techniques are implemented when executing post-exploitation […]
Read More… from Process Injection Update in Cobalt Strike 4.5
Cobalt Strike 4.5: Fork&Run – you’re “history”
Cobalt Strike 4.5 is now available. This release sees new options for process injection, updates to the sleep mask and UDRL kits, evasion improvements and a command history update along with other, smaller changes. Security Updates Before getting into the details of the release, I just wanted to impress upon you how seriously we take […]
Read More… from Cobalt Strike 4.5: Fork&Run – you’re “history”