Red Team Data Collection
In 2011, I participated in an exercise. The exercise ran for 60 hours straight, forcing the red team to work in shifts. The event was
Red Team Training at BlackHat USA
Before developing Cobalt Strike, I conducted interviews with several penetration testing practitioners. I wanted to dig into their process, the tools they used, the gaps
Red Team Use Case: Financial Institution
Background A large financial institution conducts an assumed breach exercise to test its cybersecurity resilience. The Red Team is tasked with simulating an advanced persistent
Red Team Use Case: Government Agency
Background A government agency responsible for critical public services commissions a Red Team engagement to assess its cybersecurity resilience. The exercise simulates an advanced persistent
Red Team Use Case: Healthcare
Background A regional hospital network conducts a Red Team engagement to evaluate its cybersecurity defenses. The exercise aims to simulate a sophisticated cyberattack targeting patient
Rethinking Reporting for Red Team Operations
Cobalt Strike 3.0 is coming in a few weeks. This upcoming release is the result of a large engineering effort that paralleled my existing efforts
Reverse Port Forward through a SOCKS Proxy
I had a friend come to me with an interesting problem. He had to get a server to make an outbound connection and evade some
Revisiting the UDRL Part 3: Beacon User Data
The UDRL and the Sleepmask are key components of Cobalt Strikeās evasion strategy, yet historically they have not worked well together. For example, prior to
Revisiting the User-Defined Reflective Loader Part 1: Simplifying Development
This blog post accompanies a new addition to the Arsenal Kit – The User-Defined Reflective Loader Visual Studio (UDRL-VS). Over the past few months, we
Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking
This is the second installment in a series revisiting the User-Defined Reflective Loader (UDRL). In part one, we aimed to simplify the development and debugging