Resources

Case Study

Background A government agency responsible for critical public services commissions a Red Team engagement to assess its cybersecurity resilience. The exercise simulates an advanced persistent

Case Study

Red Team Use Case: Financial Institution

Background A large financial institution conducts an assumed breach exercise to test its cybersecurity resilience. The Red Team is tasked with simulating an advanced persistent

Case Study

Red Team Use Case: Healthcare

Background A regional hospital network conducts a Red Team engagement to evaluate its cybersecurity defenses. The exercise aims to simulate a sophisticated cyberattack targeting patient

Guide

A Simple Guide to Successful Red Teaming

As threat actors innovate their tactics, security teams need to match them step for step. We can’t fight new and complex threats with old and

Blog

Revisiting the UDRL Part 3: Beacon User Data

The UDRL and the Sleepmask are key components of Cobalt Strike’s evasion strategy, yet historically they have not worked well together. For example, prior to

Blog

Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM

This is a joint blog written by William Burgess (@joehowwolf) and Henri Nurmi (@HenriNurmi). In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’

Blog

Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking

This is the second installment in a series revisiting the User-Defined Reflective Loader (UDRL). In part one, we aimed to simplify the development and debugging

Blog

Cobalt Strike and YARA: Can I Have Your Signature?

Over the past few years, there has been a massive proliferation of YARA signatures for Beacon. We know from conversations with our customers that this

Blog

Revisiting the User-Defined Reflective Loader Part 1: Simplifying Development

This blog post accompanies a new addition to the Arsenal Kit – The User-Defined Reflective Loader Visual Studio (UDRL-VS). Over the past few months, we

Blog

Behind the Mask: Spoofing Call Stacks Dynamically with Timers

This blog introduces a PoC technique for spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its

Applied Filters

Sort

Applied Filters

Type

Topic

Author

Subscribe to the Blog

Footer Menu 1

Footer Menu 2

Footer Menu 3

Footer Menu 4

Footer Menu 5

Contact Information

Privacy Policy

Cookie Policy

Terms of Service

Impressum