SentinelOne discovered a denial of service (DoS) vulnerability in Cobalt Strike. The bug (aka Hotcobalt) can cause a denial of service on a teamserver by using a fake beacon sending abnormally large screenshots.
This bug has been fixed in Cobalt Strike 4.4
Consider mitigating this risk to a teamserver by hardening your C2 infrastructure.
- Update to Cobalt Strike 4.4
- Disable staging on versions of Cobalt Strike prior to 4.4
- Limit access to your teamserver infrastructure to only trusted sources
Thank you, SentinelOne working with us and responsibly disclosing this bug.
References:
- https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/
