Beacon – An Operator’s Guide
Beacon is a payload in Cobalt Strike that has a lot of communication flexibility. This blog post is not a replacement for the documentation, but rather
Beacon Object File ADVENTURES: Some Zerologon, SMBGhost, and Situational Awareness
Cobalt Strike can use PowerShell, .NET, and Reflective DLLs for its post-exploitation features. This is the weaponization problem set. How to take things, developed outside
Behind the Mask: Spoofing Call Stacks Dynamically with Timers
This blog introduces a PoC technique for spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its
Beware of Slow Downloads
I often receive emails that ask about slow file downloads with the Beacon payload. Here are the symptoms: When I get these emails, I usually
Broken Promises and Malleable C2 Profiles
Red Team infrastructure is a detail-heavy subject. Take the case of domain fronting through a CDN like CloudFront. You have to setup the CloudFront distribution, have a valid
Browser Pivoting (Get past two-factor auth)
Several months ago, I was asked if I had a way to get past two-factor authentication on web applications. Criminals do it, but penetration testers
Building Upon a Strong Foundation
In the weeks ahead, Cobalt Strike 4.6 will go live and will be a minor foundational release before we move into our new development model.
CCDC Red Teams: Ten Tips to Maximize Success
The CCDC season is upon us. This is the time of year when professionals with many years of industry experience “volunteer” to hack against college
Celebrating 10 Years of Cobalt Strike
Can you believe it? Cobalt Strike is 10 years old! Think back to the summer of 2012. The Olympics were taking place in London. CERN
Cloud-based Redirectors for Distributed Hacking
A common trait among persistent attackers is their distributed infrastructure. A serious attacker doesn’t use one system to launch attacks and catch shells from. Rather,