Cobalt Strike 4.3 – Command and CONTROL
Cobalt Strike 4.3 is now available. The bulk of the release involves updates to DNS processing but there are some other, smaller changes in there
SSL certificate verification failure
UPDATE: This has now been fixed. I’ve amended this post to reflect that. If you ran the Cobalt Strike update program today, you may have
Cobalt Strike DoS Vulnerability (CVE-2021-36798)
SentinelOne discovered a denial of service (DoS) vulnerability in Cobalt Strike. The bug (aka Hotcobalt) can cause a denial of service on a teamserver by using
Cobalt Strike 4.4: The One with the Reconnect Button
Cobalt Strike 4.4 is now available. This release puts more control into your hands, improves Cobalt Strike’s evasive qualities and addresses a number of smaller
TeamServer.prop
Following the 4.4 release, you may have noticed a warning message when starting your teamserver: The missing file is optional and its absence does not
A Deeper Look Into the Max Retry Strategy Option
A complementary strategy to the Host Rotation Strategy was introduced to Cobalt Strike 4.5. The max retry strategy was added to HTTP, HTTPS, and DNS
Incorporating New Tools into Core Impact
Core Impact has further enhanced the pen testing process with the introduction of two new modules. The first module enables the use of .NET assemblies,
Cobalt Strike Roadmap Update
Historically, Raphael Mudge, the creator of Cobalt Strike, didn’t typically talk about the Cobalt Strike roadmap publicly. He preferred to play his cards close to
Cobalt Strike 4.6: The Line In The Sand
Cobalt Strike 4.6 is now available. As I mentioned in the recent Roadmap Update blog post, this isn’t a regular release, as it mostly focuses
Out Of Band Update: Cobalt Strike 4.6.1
Cobalt Strike 4.6.1 is now available. This is an out of band update to fix a few issues that were discovered in the 4.6 release