Talk to your children about Payload Staging
Time to time, I find myself in an email exchange about payload security and payload staging. The payload security discussion revolves around Beacon’s security features.
That’ll never work–we don’t allow port 53 out
One of my favorite Cobalt Strike features is its ability to quietly manage a compromised system with DNS. Being rather proud of this feature, I
Use Cobalt Strike’s Beacon with Veil’s Evasion
The Veil Framework is a collection of red team tools, focused on evading detection. The Veil Evasion project is a tool to generate artifacts that
User-defined Storage-based Covert Communication
One of my favorite Cobalt Strike technologies is Malleable C2. This is a domain specific language for user-defined storage-based covert communication. That’s just a fancy
What is a stageless payload artifact?
I’ve had a few questions about Cobalt Strike’s stageless payloads and how these compare to other payload varieties. In this blog post, I’ll explain stageless
Why is rundll32.exe connecting to the internet?
Previously, I wrote a blog post to answer the question: why is notepad.exe connecting to the internet? This post was written in response to a generation