Resources

Beacon Object File ADVENTURES: Some Zerologon, SMBGhost, and Situational Awareness

Cobalt Strike can use PowerShell, .NET, and Reflective DLLs for its post-exploitation features. This is the weaponization problem set. How to take things, developed outside

Blog

Beacon – An Operator’s Guide

Beacon is a payload in Cobalt Strike that has a lot of communication flexibility. This blog post is not a replacement for the documentation, but rather

Blog

Beacon – A PCI Compliant Payload for Cobalt Strike

TL;DR Beacon is a new Cobalt Strike payload that uses DNS to reduce the need to talk directly to Cobalt Strike. Beacon helps you mimic

Blog

Artificial Intelligence for Post-Exploitation

Post-exploitation tasks frequently require manual analysis, such as relying on an operators’ expertise to scan a target environment for sensitive information that could support in

Blog

Arsenal Kit Update: Thread Stack Spoofing

As I mentioned in the recent Roadmap Update blog post, we are in the process of expanding the Cobalt Strike development team and ramping up

Blog

Armitage and Cobalt Strike 1.47 Released

Armitage and Cobalt Strike 1.47 are now available. This release improves many aspects of the workflow in both Armitage and Cobalt Strike. Here are some

Blog

Appropriate Covert Channels

As a product vendor, I regularly receive suggestions from my users. It’s easy to break these suggestions up into different categories. One such category would

Blog

Another Night, Another Actor

Earlier last year, I had a frantic call from a customer. They needed to make a small change to Beacon’s communication pattern and quickly. This

Blog

An unnecessary addiction to DNS communication

I regularly hear stories from my users about how they got past a tough situation and had success that they claim was not possible without

Blog

Aggressor Script’s Secret mIRC Scripting Past

Aggressor Script is the scripting engine in Cobalt Strike 3.0 and later. If you want to learn more about it, I recommend reading the documentation.