Java Startup Bug in Java 1.8u131
If you recently updated your penetration testing environment, it’s possible you were greeted with a special surprise. Cobalt Strike and its team server will no
Joe’s Transition
My career is taking me in a new and exciting direction, and I am stepping down from my role on the Cobalt Strike team. I’ve
Keystroke Logging with Beacon
I feel asynchronous low and slow C2 is a missing piece in the penetration tester’s toolkit. Beacon is Cobalt Strike’s answer to this problem. Beacon
Kits, Profiles, and Scripts… Oh my!
If I had to describe Cobalt Strike in one word, I’d say ‘flexible’. There are a lot of options to control Cobalt Strike’s features and
Learn Pipe Fitting for all of your Offense Projects
Named pipes are a method of inter-process communication in Windows. They’re used primarily for local processes to communicate with eachother. They can also facilitate communication
Linux, Left out in the Cold?
I’ve had several folks ask about Linux targets with Cobalt Strike 3.0 and later. Beacon is a Windows-only payload. The big question becomes, how do
Listeners: Cobalt Strike’s Glue Feature
Listeners are Cobalt Strike’s abstraction in front of the Metasploit Framework’s payload handlers. A handler is the exploit/multi/handler module. This module sets up a server that
London User Group
July 10th | 6:30pm |Magazzino* Whether you’re an internal or consulting red team, we’d love for you to join us for this event in London.
Looking Back & Moving Forward: 10 Years of Cobalt Strike
A decade after its debut by founder Raphael Mudge, Cobalt Strike has become a favorite tool of cybersecurity experts in every industry for adversary simulation and Red
Man-in-the-Browser Session Hijacking
Malware like Zeus and its variants inject themselves into a user’s browser to steal banking information. This is a man-in-the-browser attack. So-called, because the attacker