Home » Blog » A Deeper Look Into the Max Retry Strategy Option
A Deeper Look Into the Max Retry Strategy Option
Thursday 16 December, 2021
A complementary strategy to the Host Rotation Strategy was introduced to Cobalt Strike 4.5. The max retry strategy was added to HTTP, HTTPS, and DNS beacon listeners. A max retry strategy allows a beacon to exit after a specified failure count. As the failure count increases, sleep is adjusted to a specified value. By default, sleep is adjusted at 50% of the failure count.
A max retry can be selected from a list via the create listener GUI:
max retry option set as a listener option
The list can be updated with custom values using the aggressor hook LISTENER_MAX_RETRY_STRATEGIES.
The syntax is broken into four sections separated by a dash:
Column
Description
1
exit
2
Exit beacon after this number of failures
3
Number of failures to begin adjust sleep
4
Sleep time to set when sleep failures are met. Note: The jitter is kept to the current setting.
Using Aggressor to Create a Listener
If you use aggressor to create listeners, you can set the max retry using the max_retry option. This can be set to your custom max retry strategy without the need to be pre-defined.
Below is an example of the listener_create_ext function used to create a listener.