Cobalt Strike RCE. Active Exploitation Reported.
Summary There is a remote code execution vulnerability in the Cobalt Strike team server. A hot fix that breaks this particular exploit chain is available.
Cobalt Strike Updates 03.06.13
Just in time for this weekend’s North East Collegiate Cyber Defense Competition event, I have a fresh update to Armitage and Cobalt Strike. Here’s the
Cobalt Strike’s Process Injection: The Details
Cobalt Strike 3.14 finally delivered some of the process injection flexibility I’ve long wanted to see in the product. In this post, I’d like to
Connection Refused Error in Cobalt Strike
I’ve had several folks write to me asking about the Connection Refused error when they try to use Cobalt Strike. This one: Cobalt Strike 3.0
Cortana: real-time collaborative hacking… with bots
At BSides Las Vegas, I talked about Force Multipliers for Red Team Operations. In this talk, I shared several stories about how my evil bots stole passwords,
Covert VPN – Layer 2 Pivoting for Cobalt Strike
Currently, I’m debating a class of social engineering “packages” to force SMB requests against an attacker controlled system. Ideas include packages to generate LNK files,
DARPA’s Cyber Fast Track: My Experience
Last week, I received a grant from DARPA through the Cyber Fast Track program. I consider this a big milestone in my personal career. If
Delivering custom payloads with Metasploit using DLL injection
I’m very interested in supporting alternative remote administration tools in Cobalt Strike. Meterpreter is awesome as an active RAT, but I need something less chatty
Fresh Paint for the Java Applet Attack
Java is a popular vector for penetration testers and those who penetrate networks without an invitation. An attacker creates a website to host a Java
HOWTO: Reset Your Cobalt Strike License Key
Time to time, I hand out Cobalt Strike license keys to non-customers. Sometimes these are to support an event (e.g., the National CCDC Red Team).