Broken Promises and Malleable C2 Profiles
Red Team infrastructure is a detail-heavy subject. Take the case of domain fronting through a CDN like CloudFront. You have to setup the CloudFront distribution, have a valid
Beware of Slow Downloads
I often receive emails that ask about slow file downloads with the Beacon payload. Here are the symptoms: When I get these emails, I usually
Behind the Mask: Spoofing Call Stacks Dynamically with Timers
This blog introduces a PoC technique for spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its
Beacon Object File ADVENTURES: Some Zerologon, SMBGhost, and Situational Awareness
Cobalt Strike can use PowerShell, .NET, and Reflective DLLs for its post-exploitation features. This is the weaponization problem set. How to take things, developed outside
Beacon – An Operator’s Guide
Beacon is a payload in Cobalt Strike that has a lot of communication flexibility. This blog post is not a replacement for the documentation, but rather
Beacon – A PCI Compliant Payload for Cobalt Strike
TL;DR Beacon is a new Cobalt Strike payload that uses DNS to reduce the need to talk directly to Cobalt Strike. Beacon helps you mimic
Artificial Intelligence for Post-Exploitation
Post-exploitation tasks frequently require manual analysis, such as relying on an operators’ expertise to scan a target environment for sensitive information that could support in
Arsenal Kit Update: Thread Stack Spoofing
As I mentioned in the recent Roadmap Update blog post, we are in the process of expanding the Cobalt Strike development team and ramping up
Armitage and Cobalt Strike 1.47 Released
Armitage and Cobalt Strike 1.47 are now available. This release improves many aspects of the workflow in both Armitage and Cobalt Strike. Here are some
Appropriate Covert Channels
As a product vendor, I regularly receive suggestions from my users. It’s easy to break these suggestions up into different categories. One such category would