Pics or it didn’t happen…
One of the most important things in a red teamer’s job is evidence. If you can’t demonstrate impact and make a risk real, it’s as
Pivoting through SSH
This is a pretty quick tip, but still useful. When you SSH to a host, you may use the -D flag to setup “dynamic” application-level
Playing in the (Tradecraft) Garden of Beacon: Finding Eden
We have previously blogged about using BeaconGate to dynamically instrument Beacon at run time. However, one of BeaconGate’s limitations is that it is not applied throughout Beacon’s entire lifecycle. Specifically, it does
Post-Exploitation Only (Not Really)
During a recent conversation, a friend had mentioned that they saw Cobalt Strike as a post-exploitation only tool. This strikes me as a little odd.
Post-Mortem of a Metasploit Framework Bug
Two weekends ago, I ran my Advanced Threat Tactics course with a group of 19 people. During the end exercise, one of the teams was frustrated. Their
PowerShell Shellcode Injection on Win 10 (v1803)
Cobalt Strike’s process to inject shellcode, via PowerShell, does not work with the latest Windows 10 update (v1803). While it’s possible to work without this
Process Injection Update in Cobalt Strike 4.5
Process injection is a core component to Cobalt Strike post exploitation. Until now, the option was to use a built-in injection technique using fork&run. This
Pushing back on userland hooks with Cobalt Strike
When I think about defense in the current era, I think of it as a game of instrumentation and telemetry. A well-instrumented endpoint provides a
Puttering my Panda and other Threat Replication Case Studies
Cobalt Strike 2.0 introduced Malleable C2, a technology to redefine network indicators in the Beacon payload. What does this mean for you? It means you
Raffi’s Abridged Guide to Cobalt Strike
This blog post is a fast overview of Cobalt Strike. I assume that you are familiar with Meterpreter, Mimikatz, and make use of Offensive PowerShell in