User-defined Storage-based Covert Communication
One of my favorite Cobalt Strike technologies is Malleable C2. This is a domain specific language for user-defined storage-based covert communication. That’s just a fancy
User-driven Attacks
A user-driven attack is an attack that relies on a feature to get code execution. Most penetration testers I know rely on user-driven attacks over
Using AV-safe Executables with Cortana
Part of a penetration tester’s job is to deal with security products, such as anti-virus. Those of us that use the open source Metasploit Framework
verify.cobaltstrike.com outage summary
Cobalt Strike’s update process was degraded due to a data center outage that affected https://verify.cobaltstrike.com. The verify server is back up and the functionality of
What happened to my Kill Date?
Cobalt Strike 3.4 introduced a Kill Date feature. This is a date that Cobalt Strike embeds into each Beacon stage. If a Beacon artifact is
What happens when I type getsystem?
Meterpreter’s getsystem command is taken for granted. Type getsystem and magically Meterpreter elevates you from a local administrator to the SYSTEM user. What’s really happening
What is a stageless payload artifact?
I’ve had a few questions about Cobalt Strike’s stageless payloads and how these compare to other payload varieties. In this blog post, I’ll explain stageless
What’s in a Team Server?
Clients (like Armitage) interface with the Metasploit Framework through its Remote API. The Remote API is a way for clients to call functions in the
What’s the go-to phishing technique or exploit?
This blog post is inspired by a question sent to a local mailing list. The original poster asks, what’s the go-to phishing technique or exploit
When You Know Your Enemy
TL;DR This is my opinion on Threat Intelligence: Automated Defense using Threat Intelligence feeds is (probably) rebranded anti-virus. Threat Intelligence offers benefit when used to