Evade Egress Restrictions with Staged Payloads
Sometimes, it’s easy to get code execution in a network, but very difficult to egress out of it. When you are an external actor trying
Europol Coordinates Global Action Against Criminal Abuse of Cobalt Strike
Press Release: View Original Europol Announcement 03 Jul 2024 – Law enforcement has teamed up with the private sector to fight against the abuse of
Email Delivery – What Pen Testers Should Know
I get a lot of questions about spear phishing. There’s a common myth that it’s easy to phish. Start a local mail server and have your hacking
Dynamically Instrumenting Beacon With BeaconGate – For All Your Call Stack Spoofing Needs!
TL;DR: In this blog we’ll demonstrate how to instrument Beacon via BeaconGate and walk through our implementations of return address spoofing, indirect syscalls, and a
DNS Communication is a Gimmick
I added DNS Communication to Cobalt Strike in June 2013 and refined it further in July 2013. On sales calls and at conferences I get
DNS Command and Control Added to Cobalt Strike
Many networks are like sieves. A reverse TCP payload or an HTTP/S connection is all it takes to get out. Once in a while, you
Dirty Red Team Tricks II at Derbycon 2.0
Last year, I spoke on Dirty Red Team Tricks at Derbycon. This talk was a chance to share what I had used at the Collegiate
Deprecation Notice: Metasploit source checkouts will NO LONGER update over SVN – Move to Git
The official home of the Metasploit Framework’s source code has been github for a while now. Ever since the move to Git, Rapid7 has operated
Delivering custom payloads with Metasploit using DLL injection
I’m very interested in supporting alternative remote administration tools in Cobalt Strike. Meterpreter is awesome as an active RAT, but I need something less chatty
DARPA’s Cyber Fast Track: My Experience
Last week, I received a grant from DARPA through the Cyber Fast Track program. I consider this a big milestone in my personal career. If