DNS Communication is a Gimmick
I added DNS Communication to Cobalt Strike in June 2013 and refined it further in July 2013. On sales calls and at conferences I get
Covert Lateral Movement with High-Latency C&C
High latency communication allows you to conduct operations on your target’s network, without detection, for a long time. An example of high-latency communication is a
Cobalt Strike Tips for 2016 CCDC Red Teams
It’s CCDC season again. CCDC is the National Collegiate Cyber Defense Competition. Teams of students in 10 regions run simulated business networks and defend against red
Cobalt Strike Team Server Population Study
From February 4, 2019 to February 15, 2019 Strategic Cyber LLC connected to several live Cobalt Strike team servers to download Beacon payloads, analyze them,
Cobalt Strike 2.0 – Malleable Command and Control
I define threat replication as a penetration test that looks like an attack from an APT actor. Assessments that involve threat replication are more than
Cloud-based Redirectors for Distributed Hacking
A common trait among persistent attackers is their distributed infrastructure. A serious attacker doesn’t use one system to launch attacks and catch shells from. Rather,
CCDC Red Teams: Ten Tips to Maximize Success
The CCDC season is upon us. This is the time of year when professionals with many years of industry experience “volunteer” to hack against college
Broken Promises and Malleable C2 Profiles
Red Team infrastructure is a detail-heavy subject. Take the case of domain fronting through a CDN like CloudFront. You have to setup the CloudFront distribution, have a valid
Beacon Object File ADVENTURES: Some Zerologon, SMBGhost, and Situational Awareness
Cobalt Strike can use PowerShell, .NET, and Reflective DLLs for its post-exploitation features. This is the weaponization problem set. How to take things, developed outside
Another Night, Another Actor
Earlier last year, I had a frantic call from a customer. They needed to make a small change to Beacon’s communication pattern and quickly. This