DNS Communication is a Gimmick
I added DNS Communication to Cobalt Strike in June 2013 and refined it further in July 2013. On sales calls and at conferences I get
CredBandit (In memory BOF MiniDump) – Tool review – Part 1
One of the things I find fascinating about being on the Cobalt Strike team is the community. It is amazing to see how people overcome
Create a proxy DLL with artifact kit
DLL attacks (hijacking, proxying, etc) are a challenge defenders must face. They can be leveraged in a Red Team engagement to help measure these defenses.
Covert Lateral Movement with High-Latency C&C
High latency communication allows you to conduct operations on your target’s network, without detection, for a long time. An example of high-latency communication is a
Cobalt Strike Tips for 2016 CCDC Red Teams
It’s CCDC season again. CCDC is the National Collegiate Cyber Defense Competition. Teams of students in 10 regions run simulated business networks and defend against red
Cobalt Strike Team Server Population Study
From February 4, 2019 to February 15, 2019 Strategic Cyber LLC connected to several live Cobalt Strike team servers to download Beacon payloads, analyze them,
Cobalt Strike and YARA: Can I Have Your Signature?
Over the past few years, there has been a massive proliferation of YARA signatures for Beacon. We know from conversations with our customers that this
Cobalt Strike 2.0 – Malleable Command and Control
I define threat replication as a penetration test that looks like an attack from an APT actor. Assessments that involve threat replication are more than
Cloud-based Redirectors for Distributed Hacking
A common trait among persistent attackers is their distributed infrastructure. A serious attacker doesn’t use one system to launch attacks and catch shells from. Rather,
CCDC Red Teams: Ten Tips to Maximize Success
The CCDC season is upon us. This is the time of year when professionals with many years of industry experience “volunteer” to hack against college