Flying a Cylon Raider
In Season 1, Episode 5 of Battlestar Galactica, Lieutenant Kara Thrace finds herself marooned on a barren planet with a crashed Cylon Raider. To get
Fighting the Toolset
What happens when your advantages become a disadvantage? That’s the theme of Fighting the Toolset. This lecture discusses Offensive PowerShell, staging, memory-injected DLLs, and remote
Evolution of a Modern Hacking Payload
One of the most important features in Cobalt Strike is its Beacon payload. This is my capability to model advanced attackers. In this post, I’d
Evade Egress Restrictions with Staged Payloads
Sometimes, it’s easy to get code execution in a network, but very difficult to egress out of it. When you are an external actor trying
Europol Coordinates Global Action Against Criminal Abuse of Cobalt Strike
Press Release: View Original Europol Announcement 03 Jul 2024 – Law enforcement has teamed up with the private sector to fight against the abuse of
Email Delivery – What Pen Testers Should Know
I get a lot of questions about spear phishing. There’s a common myth that it’s easy to phish. Start a local mail server and have your hacking
Dynamically Instrumenting Beacon With BeaconGate – For All Your Call Stack Spoofing Needs!
TL;DR: In this blog we’ll demonstrate how to instrument Beacon via BeaconGate and walk through our implementations of return address spoofing, indirect syscalls, and a
DNS Communication is a Gimmick
I added DNS Communication to Cobalt Strike in June 2013 and refined it further in July 2013. On sales calls and at conferences I get
DNS Command and Control Added to Cobalt Strike
Many networks are like sieves. A reverse TCP payload or an HTTP/S connection is all it takes to get out. Once in a while, you
Dirty Red Team Tricks II at Derbycon 2.0
Last year, I spoke on Dirty Red Team Tricks at Derbycon. This talk was a chance to share what I had used at the Collegiate