SSL certificate verification for failed
TL;DR a certificate for part of the Cobalt Strike update infrastructure changed. Download the 20200511 distribution package to avoid certificate verification errors. If you recently
Staged Payloads – What Pen Testers Should Know
The Metasploit Framework decouples exploits from the stuff that gets executed after successful exploitation (the payload). Payloads in the Metasploit Framework are also divided into
Stealthy Peer-to-peer C&C over SMB pipes
Beacon is my payload for low and slow control of a compromised system. Recently, I added peer-to-peer communication to Beacon. When two Beacons are linked,
Stopping Cybercriminals From Abusing Security Tools
Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt
Survival Skills for Small Infosec Vendors
Information Security is a strange field. There are probably few professions with such a wide range of social skills and preferences as the information security
Tactics to Hack an Enterprise Network
In June 2012, I released Cobalt Strike, a commercial penetration testing package that picks up where Armitage leaves off. Cobalt Strike is a direct expression of what I
Talk to your children about Payload Staging
Time to time, I find myself in an email exchange about payload security and payload staging. The payload security discussion revolves around Beacon’s security features.
TeamServer.prop
Following the 4.4 release, you may have noticed a warning message when starting your teamserver: The missing file is optional and its absence does not
Telling the Offensive Story at CCDC
The 2013 National CCDC season ended in April 2013. One topic that I’ve sat on since this year’s CCDC season ended is feedback. Providing meaningful and
That time a printer tried to get Cobalt Strike
I’m sometimes asked: “Raphael, what does Strategic Cyber LLC do to control Cobalt Strike?” That’s the subject of this blog post. What is Cobalt Strike?