I’ve slowed down on my blogging since this year’s BlackHat and DEF CON. I’m hard at work on the 3.5 release and haven’t had spare cycles to put into blogging. That said, Cobalt Strike’s users have more than picked up the slack. Here’s a collection of recent links that Cobalt Strike users may find interesting.
1. A day in the life of a pentester: How I owned your domain in 4 hours
SPARTAN-001 has a post on /r/HowToHack that describes his use of Responder, Cobalt Strike, mimikatz, and Bloodhound to go from zero to domain admin in a few short hours. These first hand accounts are always fun to read.
2. Receiving Text Messages for Your Beacons
Chris Truncer has a blog post on how to receive a text message when a new Beacon comes into a team server. A few of these scripts were written for Cobalt Strike 2.x, but I haven’t seen a public example for Cobalt Strike 3.0 and later yet. Thanks Chris!
3. LetsEncrypt HTTPS C&C Setup Script for Cobalt Strike
Alex Rymdeko-harvey has posted a script that builds a ready-to-use HTTPS certificate for Cobalt Strike with LetsEncrypt. I’d love to see a blog post on this *nudge* *nudge*. I’ve had multiple folks ask about how to use LetsEncrypt with Cobalt Strike. This script is a good place to start.
4. Adding Easy GUIs to Aggressor Scripts
This script from Jeff (just Jeff) shows how to use Eclipse to build Java/SWING GUIs and port these to the Aggressor Script language. This is actually easier than you might think. Cobalt Strike’s Aggressor Script can call Java APIs directly. If you’d like to build some GUIs to go with your scripts, take a look at this post.