High latency communication allows you to conduct operations on your target’s network, without detection, for a long time. An example of high-latency communication is a bot that phones home to an attacker’s web server to request instructions once each day. High latency communication is common with advanced threat malware. It’s not common in penetration testing […]
Read More… from Covert Lateral Movement with High-Latency C&C
I spend a lot of time on the road in March and April—using my tools. During these months, I take careful notes of the usability issues I’d like to address and small tweaks that would make life better for Cobalt Strike’s hacker corps. Today’s Cobalt Strike release is the result of notes and my first-hand […]
Read More… from Cobalt Strike 1.49 – HTTP Proxy Authentication? No Problem.
Information Security is a strange field. There are probably few professions with such a wide range of social skills and preferences as the information security profession. Personally, I think this is what’s fun. It’s pretty cool that an MC can take a shot of vodka before introducing a speaker at a conference. Unfortunately, the perceived […]
Meterpreter’s getsystem command is taken for granted. Type getsystem and magically Meterpreter elevates you from a local administrator to the SYSTEM user. What’s really happening though? The getsystem command has three techniques. The first two rely on named pipe impersonation. The last one relies on token duplication. Let’s go through them: Technique 1 creates a […]
Listeners are Cobalt Strike’s abstraction in front of the Metasploit Framework’s payload handlers. A handler is the exploit/multi/handler module. This module sets up a server that waits for a payload on a compromised system to connect to you. Cobalt Strike’s listeners feature is a way to configure handlers that start when Cobalt Strike starts. A listener consists […]
UAC is User Account Control. Introduced in Windows Vista, UAC is a collection of technologies that make it convenient possible to use Windows without administrator privileges and elevate your rights when needed. UAC has a lot of moving parts and encompasses a lot of things. This post focuses on Windows Integrity levels and UAC elevation […]
Read More… from User Account Control – What Penetration Testers Should Know
I’m writing this from a New Hampshire Bed and Breakfast where I’ve apparently received the Jacuzzi suite. I’m here for a romantic weekend running psexec and managing Beacons inside of student networks for the North East Collegiate Cyber Defense Competition event. This is my seventh year with this event. I made a lot of development progress early into my […]
The CCDC season is upon us. This is the time of year when professionals with many years of industry experience “volunteer” to hack against college students who must defend computer networks riddled with security holes. For the second year, my company is making Cobalt Strike available to members of the National CCDC and Regional CCDC red teams. […]
Read More… from CCDC Red Teams: Ten Tips to Maximize Success
Cobalt Strike 1.48 (02.27.14) is now available. This release is the byproduct of a very intense development cycle. The theme of this release is: details matter. Read on for a sense of what I mean by this. Pivot Listeners This Cobalt Strike update introduces pivot listeners. A pivot listener is a handler for a reverse payload […]
If you’ve ever had to change a module in the Metasploit Framework, you know the go to place is the modules/ directory off of the Metasploit Framework’s root folder. Recently, I had to modify the Metasploit Framework’s reverse_http stager. It currently sends a blank User-Agent. This is a problem because a blank User-Agent will not […]