Resources

Blog

Cobalt Strike 3.14 – Post-Ex Omakase Shimasu

Cobalt Strike 3.14 is now available. This release benefits the OPSEC of Beacon’s post-exploitation jobs. To take a screenshot, log keystrokes, dump credentials, or scan

Blog

Cobalt Strike Team Server Population Study

From February 4, 2019 to February 15, 2019 Strategic Cyber LLC connected to several live Cobalt Strike team servers to download Beacon payloads, analyze them,

Blog

Cobalt Strike 3.13 – Why do we argue?

Cobalt Strike 3.13 is now available. This release adds a TCP Beacon, process argument spoofing, and extends the Obfuscate and Sleep capability to the SMB

Blog

Cobalt Strike 3.12 – Blink and you’ll miss it

Cobalt Strike 3.12 is now available. This release adds an “obfuscate and sleep” in-memory evasion feature, gives operators [some] control over process injection, and introduces

Blog

Broken Promises and Malleable C2 Profiles

Red Team infrastructure is a detail-heavy subject. Take the case of domain fronting through a CDN like CloudFront. You have to setup the CloudFront distribution, have a valid

Blog

PowerShell Shellcode Injection on Win 10 (v1803)

Cobalt Strike’s process to inject shellcode, via PowerShell, does not work with the latest Windows 10 update (v1803). While it’s possible to work without this

Blog

Fighting the Toolset

What happens when your advantages become a disadvantage? That’s the theme of Fighting the Toolset. This lecture discusses Offensive PowerShell, staging, memory-injected DLLs, and remote

Blog

Cobalt Strike 3.11 – The snake that eats its tail

Cobalt Strike 3.11 is now available. This release adds to Cobalt Strike’s in-memory threat emulation and evasion capabilities, adds a means to run .NET executable

Blog

Beware of Slow Downloads

I often receive emails that ask about slow file downloads with the Beacon payload. Here are the symptoms: When I get these emails, I usually

Blog

In-Memory Evasion

Many analysts and automated solutions take advantage of various memory detections to find injected DLLs in memory. Memory detections look at the properties (and content)

Applied Filters

Sort

Applied Filters

Type

Topic

Author

Subscribe to the Blog

Footer Menu 1

Footer Menu 2

Footer Menu 3

Footer Menu 4

Footer Menu 5

Contact Information

Privacy Policy

Cookie Policy

Terms of Service

Impressum