High-reputation Redirectors and Domain Fronting
Working on Cobalt Strike, I get some insight into what folks are trying to do with it. Recently, the use of domain fronting for redirectors
How to Extend Your Reach with Cobalt Strike
We’re often asked, “what does Cobalt Strike do?” In simple terms, Cobalt Strike is a post-exploitation framework for adversary simulations and Red Teaming to help
How to Milk a Computer Science Education for Offensive Security Skills
Recently, a poster on reddit asked how to get into offensive security as a student studying Computer Science. Before the post was removed, the poster expressed
How to Pass-the-Hash with Mimikatz
I’m spending a lot of time with mimikatz lately. I’m fascinated by how much capability it has and I’m constantly asking myself, what’s the best
HOWTO: Port Forwards through a SOCKS proxy
Recently, I’ve had multiple people ask about port forwards with Cobalt Strike’s Beacon payload. Beacon has had SOCKS proxy pivoting support since June 2013. This feature
In-Memory Evasion
Many analysts and automated solutions take advantage of various memory detections to find injected DLLs in memory. Memory detections look at the properties (and content)
Infrastructure for Ongoing Red Team Operations
Recently, I’ve had several questions about how to set up infrastructure for long running red team operations with Cobalt Strike. This is an ideal use
Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM
This is a joint blog written by William Burgess (@joehowwolf) and Henri Nurmi (@HenriNurmi). In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’
Learn Pipe Fitting for all of your Offense Projects
Named pipes are a method of inter-process communication in Windows. They’re used primarily for local processes to communicate with eachother. They can also facilitate communication
Linux, Left out in the Cold?
I’ve had several folks ask about Linux targets with Cobalt Strike 3.0 and later. Beacon is a Windows-only payload. The big question becomes, how do