Why do I always use 32-bit payloads?
Yesterday, one of my customers asked about x64 payloads in Cobalt Strike. Specifically, he wanted to know why Cobalt Strike doesn’t expose them. I’ve already
Why can’t I psexec with EXE::Custom?
Seasoned Metasploit Framework users know that it’s a bad idea to let the framework generate an executable for you. The framework’s encoders are not a
Who let the logs out? Woof.
Logging is an important feature in any red team operations platform. Logs serve multiple purposes. Good logs aid reporting. If an operator needs output for
When You Know Your Enemy
TL;DR This is my opinion on Threat Intelligence: Automated Defense using Threat Intelligence feeds is (probably) rebranded anti-virus. Threat Intelligence offers benefit when used to
What’s the go-to phishing technique or exploit?
This blog post is inspired by a question sent to a local mailing list. The original poster asks, what’s the go-to phishing technique or exploit
What’s in a Team Server?
Clients (like Armitage) interface with the Metasploit Framework through its Remote API. The Remote API is a way for clients to call functions in the
What is Adversary Simulation?
At Cobalt Strike, we’re often asked, “what is adversary simulation?” This three minute video reveals what adversary simulations are, why they’re important, and how they’re
What is a stageless payload artifact?
I’ve had a few questions about Cobalt Strike’s stageless payloads and how these compare to other payload varieties. In this blog post, I’ll explain stageless
What happens when I type getsystem?
Meterpreter’s getsystem command is taken for granted. Type getsystem and magically Meterpreter elevates you from a local administrator to the SYSTEM user. What’s really happening
What happened to my Kill Date?
Cobalt Strike 3.4 introduced a Kill Date feature. This is a date that Cobalt Strike embeds into each Beacon stage. If a Beacon artifact is