Check us out at SecretCon 2025! PAIKKA Vandalia Tower, St. Paul, MN […]
SecretCon 2025
Product Line: Cobalt Strike
ShowMeCon 2025
Come see us at Showmecon! Ameristar Casino & Resort One Ameristar Blvd., St. Charles, MO, 63301 US […]
Out of Band Update: Cobalt Strike 4.11.1
Cobalt Strike 4.11.1 is now available. This is an out of band update to fix an issue regarding module stomping that was discovered in the 4.11 release that we felt should be fixed prior to the next release. Besides that issue, this out of band release also allowed us to include two other smaller bugfixes/quality […]
Fortra Cobalt Strike Demo Session – May 2025
Join a technical walkthrough of Cobalt Strike’s advanced capabilities for post-exploitation and adversary simulation. In the session, Cobalt Strike developers and researchers will demonstrate usage of the product and show the advanced evasion and customization of Cobalt Strike through hands-on demos. The session will be presented by Cobalt Strike product team members Pieter Ceelen and […]
Read More… from Fortra Cobalt Strike Demo Session – May 2025
Red Team Use Case: Government Agency
Background A government agency responsible for critical public services commissions a Red Team engagement to assess its cybersecurity resilience. The exercise simulates an advanced persistent threat (APT) attack, testing the agency’s ability to detect, respond to, and mitigate cyber threats targeting sensitive government data, public infrastructure, and national security. Phase 1: Initial Access Operations The […]
Red Team Use Case: Financial Institution
Background A large financial institution conducts an assumed breach exercise to test its cybersecurity resilience. The Red Team is tasked with simulating an advanced persistent threat (APT) attack, while the Blue Team monitors, detects, and mitigates threats in real-time. Phase 1: Initial Access Operations The Red Team conducts reconnaissance on the Financial Institution’s employees using […]
Red Team Use Case: Healthcare
Background A regional hospital network conducts a Red Team engagement to evaluate its cybersecurity defenses. The exercise aims to simulate a sophisticated cyberattack targeting patient data, medical devices, and critical infrastructure, testing the hospital’s ability to detect, respond to, and recover from an intrusion. Phase 1: Initial Access Operations The Red Team begins by gathering […]
Red Teaming in the Financial Sector
Because of the invaluable data they possess, financial institutions remain a favorite target of malicious actors, with cyberattacks in the sector up more than 400% in three years. Fortunately, offensive security measures like red teaming can augment defensive tactics, giving security teams in the financial sector an additional leg up. Red team engagements test an […]
Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….
Cobalt Strike 4.11 is now available. This release introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs, and a DNS over HTTPS (DoH) Beacon. Additionally, we have overhauled Beacon’s reflective loader and there are numerous QoL updates. Out-of-the-Box Evasion Overhaul The focus of this release (and the […]
Read More… from Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….
Update: Stopping Cybercriminals from Abusing Cobalt Strike
Since 2023, Microsoft’s Digital Crimes Unit (DCU), Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have been working together to combat the use of unauthorized, legacy copies of Cobalt Strike and compromised Microsoft software, which have been weaponized by cybercriminals to deploy ransomware and other malware, causing significant harm to critical sectors like […]
Read More… from Update: Stopping Cybercriminals from Abusing Cobalt Strike